Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

22 vulnerabilities found for build_of_keycloak by redhat

CVE-2025-7784 (GCVE-0-2025-7784)

Vulnerability from nvd – Published: 2025-07-18 13:48 – Updated: 2025-11-07 21:37

Title

Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)

Summary

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-269 - Improper Privilege Management

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:12015	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:12016	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-7784	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2381861	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , < 26.2.6 (semver)

Red Hat	Red Hat build of Keycloak 26	cpe:/a:redhat:build_keycloak:26.2::el9
Red Hat	Red Hat build of Keycloak 26.2	Unaffected: 26.2.6-1 , < * (rpm) cpe:/a:redhat:build_keycloak:26.2::el9
Red Hat	Red Hat build of Keycloak 26.2	Unaffected: 26.2-6 , < * (rpm) cpe:/a:redhat:build_keycloak:26.2::el9
Red Hat	Red Hat build of Keycloak 26.2	Unaffected: 26.2-6 , < * (rpm) cpe:/a:redhat:build_keycloak:26.2::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7

Credits

Red Hat would like to thank Patrick Kutz for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T14:46:09.378551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T14:56:11.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak/",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "26.2.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat build of Keycloak 26",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2.6-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Patrick Kutz for reporting this issue."
        }
      ],
      "datePublic": "2025-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-07T21:37:40.791Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:12015",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12015"
        },
        {
          "name": "RHSA-2025:12016",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12016"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-7784"
        },
        {
          "name": "RHBZ#2381861",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381861"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-18T05:54:39.333000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-18T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-269: Improper Privilege Management"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-7784",
    "datePublished": "2025-07-18T13:48:45.713Z",
    "dateReserved": "2025-07-18T06:05:57.305Z",
    "dateUpdated": "2025-11-07T21:37:40.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-3910 (GCVE-0-2025-3910)

Vulnerability from nvd – Published: 2025-04-29 20:46 – Updated: 2026-01-29 19:37

Title

Org.keycloak.authentication: two factor authentication bypass

Summary

A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication.

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-287 - Improper Authentication

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:4335	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4336	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-3910	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2361923	issue-trackingx_refsource_REDHAT
	https://github.com/keycloak/keycloak/issues/39349

Impacted products

Vendor

Product

Version

Affected: 25.0.0 , < 25.* (semver)
Affected: 26.0.0 , < 26.0.11 (semver)
Unknown: 26.1.0 , < 26.1.* (semver)
Affected: 26.2.0 , < 26.2.2 (semver)

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:26
Red Hat	Red Hat build of Keycloak 26.0	Unaffected: 26.0.11-2 , < * (rpm) cpe:/a:redhat:build_keycloak:26.0::el9
Red Hat	Red Hat build of Keycloak 26.0	Unaffected: 26.0-12 , < * (rpm) cpe:/a:redhat:build_keycloak:26.0::el9
Red Hat	Red Hat build of Keycloak 26.0	Unaffected: 26.0-13 , < * (rpm) cpe:/a:redhat:build_keycloak:26.0::el9

Credits

This issue was discovered by Marek Posolda (Red Hat).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3910",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T15:52:31.582697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T15:53:38.734Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.keycloak.org/",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "25.*",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.0.11",
              "status": "affected",
              "version": "26.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.1.*",
              "status": "unknown",
              "version": "26.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.2.2",
              "status": "affected",
              "version": "26.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak.authentication",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0.11-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0-13",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Marek Posolda (Red Hat)."
        }
      ],
      "datePublic": "2025-04-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T19:37:51.422Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4335"
        },
        {
          "name": "RHSA-2025:4336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4336"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-3910"
        },
        {
          "name": "RHBZ#2361923",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923"
        },
        {
          "url": "https://github.com/keycloak/keycloak/issues/39349"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-23T19:23:26.537000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-29T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak.authentication: two factor authentication bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "No current mitigations are available for this vulnerability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-287: Improper Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-3910",
    "datePublished": "2025-04-29T20:46:39.828Z",
    "dateReserved": "2025-04-23T19:29:10.054Z",
    "dateUpdated": "2026-01-29T19:37:51.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10234 (GCVE-0-2024-10234)

Vulnerability from nvd – Published: 2024-10-22 13:17 – Updated: 2025-11-11 16:05

Title

Wildfly: wildfly vulnerable to cross-site scripting (xss)

Summary

A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:10924	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:10925	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:10926	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:10931	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:11636	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:11638	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:11639	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:11640	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:11645	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:2025	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:2026	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:2029	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-10234	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2320848	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 35.0.0 , < 35.0.0 (semver)

Red Hat	Red Hat JBoss Enterprise Application Platform 7.4.23	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:2.16.0-21.redhat_00055.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:3.5.10-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 1:1.0.2-5.redhat_00004.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:2.16.0-21.redhat_00055.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:3.5.10-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 1:1.0.2-5.redhat_00004.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:2.16.0-21.redhat_00055.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:3.5.10-1.redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 1:1.0.2-5.redhat_00004.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.3-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.6.6-5.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.6.0-2.GA_redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.0.13-2.redhat_5.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.214-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.6.23-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.0.6-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.8.0-2.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-3.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.0-3.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-4.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.2-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.1-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.1.0-3.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.13-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.4.0-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.6.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.19-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.5.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.4-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.4.0-3.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.0-3.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.3.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:5.1.0-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:7.3.1-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:5.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.0.0-2.redhat_8.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.9.0-2.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.0.1-2.Final_redhat_3.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.2.21-2.redhat_00001.2.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.4.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.6-5.GA_redhat_00004.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.6.0-4.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.4.0-3.redhat_00003.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.2.0-3.redhat_12.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.3-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.6.6-5.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.6.0-2.GA_redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.0.13-2.redhat_5.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.214-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.6.23-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.0.6-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.8.0-2.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-3.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.0-3.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-4.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.2-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.1-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.1.0-3.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.13-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.4.0-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.6.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.19-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.5.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.4-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.4.0-3.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.0-3.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.3.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:5.1.0-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:7.3.1-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:5.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.0.0-2.redhat_8.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.9.0-2.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.0.1-2.Final_redhat_3.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.2.21-2.redhat_00001.2.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.4.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.6-5.GA_redhat_00004.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.6.0-4.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.4.0-3.redhat_00003.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.2.0-3.redhat_12.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.19-1.redhat_00002.1.el7sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.19-1.redhat_00002.1.el8sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.19-1.redhat_00002.1.el9sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-67 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat JBoss Data Grid 7	cpe:/a:redhat:jboss_data_grid:7
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10234",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T17:41:01.307691Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T17:41:14.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/wildfly/wildfly",
          "defaultStatus": "unaffected",
          "packageName": "wildfly",
          "versions": [
            {
              "lessThan": "35.0.0",
              "status": "affected",
              "version": "35.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4.23",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-azure-storage",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.6.6-5.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.6.0-2.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-gnu-getopt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.13-2.redhat_5.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-h2database",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.214-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.23-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-commons-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.6-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jackson-coreutils",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authentication-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authorization-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-4.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.2-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-lang-model",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-security-enterprise-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-javaewah",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.13-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-aesh",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-common-beans",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-dmr",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-ejb3-ext-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-genericjms",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-iiop-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-invocation",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.19-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-msc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-remoting-jmx",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-stdio",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-transaction-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-vfs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.1.0-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.1-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-2.redhat_8.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-json-patch",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.0-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jul-to-slf4j-stub",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-2.Final_redhat_3.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-reactivex-rxjava2",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.21-2.redhat_00001.2.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-staxmapper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.6-5.GA_redhat_00004.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-4.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-woodstox-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.4.0-3.redhat_00003.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-xml-commons-resolver",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.0-3.redhat_12.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-azure-storage",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.6.6-5.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.6.0-2.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-gnu-getopt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.13-2.redhat_5.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-h2database",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.214-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.23-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-commons-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.6-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jackson-coreutils",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authentication-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authorization-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-4.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.2-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-lang-model",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-security-enterprise-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-javaewah",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.13-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-aesh",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-common-beans",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-dmr",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-ejb3-ext-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-genericjms",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-iiop-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-invocation",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.19-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-msc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-remoting-jmx",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-stdio",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-transaction-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-vfs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.1.0-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.1-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-2.redhat_8.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-json-patch",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.0-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jul-to-slf4j-stub",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-2.Final_redhat_3.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-reactivex-rxjava2",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.21-2.redhat_00001.2.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-staxmapper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.6-5.GA_redhat_00004.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-4.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-woodstox-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.4.0-3.redhat_00003.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-xml-commons-resolver",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.0-3.redhat_12.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-client",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-67",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-10-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T16:05:02.693Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:10924",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        },
        {
          "name": "RHSA-2025:10925",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        },
        {
          "name": "RHSA-2025:10926",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        },
        {
          "name": "RHSA-2025:10931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10931"
        },
        {
          "name": "RHSA-2025:11636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11636"
        },
        {
          "name": "RHSA-2025:11638",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11638"
        },
        {
          "name": "RHSA-2025:11639",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11639"
        },
        {
          "name": "RHSA-2025:11640",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11640"
        },
        {
          "name": "RHSA-2025:11645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11645"
        },
        {
          "name": "RHSA-2025:2025",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2025"
        },
        {
          "name": "RHSA-2025:2026",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2026"
        },
        {
          "name": "RHSA-2025:2029",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2029"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "name": "RHBZ#2320848",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-22T01:46:48.739000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-22T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Wildfly: wildfly vulnerable to cross-site scripting (xss)",
      "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-10234",
    "datePublished": "2024-10-22T13:17:57.891Z",
    "dateReserved": "2024-10-22T01:50:57.793Z",
    "dateUpdated": "2025-11-11T16:05:02.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8883 (GCVE-0-2024-8883)

Vulnerability from nvd – Published: 2024-09-19 15:48 – Updated: 2026-01-23 17:03

Title

Keycloak: vulnerable redirect uri validation results in open redirec

Summary

A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:10385	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:10386	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6878	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6879	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6880	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6882	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6886	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6887	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6888	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6889	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6890	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8823	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8824	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8826	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-8883	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2312511	issue-trackingx_refsource_REDHAT
	https://github.com/keycloak/keycloak/blob/main/se…

Impacted products

Vendor

Product

Version

Affected: 0 , < 22.0.12 (semver)
Affected: 23.0.0 , < 24.0.7 (semver)
Affected: 25.0.0 , < 25.0.5 (semver)

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.13-1 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-18 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-21 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.8-1 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-17 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-17 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.4.1-1.GA_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.4-3.GA_redhat_00007.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.33.0-1.redhat_00015.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 1:2.0.0-2.redhat_00005.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.8.0-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.2.0-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.16.1-2.redhat_00007.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.2.2-28.redhat_2.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.15.1-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.14.0-2.redhat_00006.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.5-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 1:2.0.0-2.redhat_00005.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-1.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:0.1.0-2.redhat_00010.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.12.284-2.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.2.5-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.4.0-1.GA_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.0-4.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.2.31-1.Final_redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.1-3.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:0.8.1-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.3-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.1-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.3-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.5.3-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.2-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:5.3.10-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.22.1-1.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.0.3-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:9.37.3-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:9.6.0-1.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.0-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.4-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.0-6.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.16-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.2.0-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.4-2.GA_redhat_00005.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.4.1-1.GA_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.4-3.GA_redhat_00007.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.33.0-1.redhat_00015.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 1:2.0.0-2.redhat_00005.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.8.0-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.2.0-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.16.1-2.redhat_00007.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.2.2-28.redhat_2.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.15.1-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.14.0-2.redhat_00006.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.5-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 1:2.0.0-2.redhat_00005.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-1.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:0.1.0-2.redhat_00010.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.12.284-2.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.2.5-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.4.0-1.GA_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.0-4.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.2.31-1.Final_redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.1-3.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:0.8.1-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.3-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.1-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.3-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.5.3-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.2-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:5.3.10-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.22.1-1.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.0.3-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:9.37.3-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:9.6.0-1.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.0-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.4-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.0-6.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.16-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.2.0-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.4-2.GA_redhat_00005.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.18-1.redhat_00001.1.el7sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.18-1.redhat_00001.1.el8sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.18-1.redhat_00001.1.el9sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-54 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8

Credits

Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8883",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T17:28:37.383842Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T17:56:50.064Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "versions": [
            {
              "lessThan": "22.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "23.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0.5",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.13-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-21",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.8-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.1-1.GA_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-3.GA_redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.33.0-1.redhat_00015.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-readline",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-codec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.16.1-2.redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-collections",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.2-28.redhat_2.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-io",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.1-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-lang",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0-2.redhat_00006.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.5-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-asyncutil",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.0-2.redhat_00010.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aws-java-sdk",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.12.284-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-cryptacular",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.5-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.0-1.GA_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-fastinfoset",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-4.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.2.31-1.Final_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.1-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hppc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.8.1-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-insights-java-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-jstl-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-cert-helper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logging",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jctools",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jgroups",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.3.10-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-log4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.22.1-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-narayana",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-nimbus-jose-jwt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.37.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-objectweb-asm",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.6.0-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-pem-keystore",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-spring",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-saaj-impl",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-shibboleth-java-support",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-6.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.16-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-snakeyaml",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-2.GA_redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.1-1.GA_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-3.GA_redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.33.0-1.redhat_00015.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-readline",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-codec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.16.1-2.redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-collections",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.2-28.redhat_2.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-io",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.1-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-lang",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0-2.redhat_00006.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.5-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-asyncutil",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.0-2.redhat_00010.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aws-java-sdk",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.12.284-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-cryptacular",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.5-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.0-1.GA_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-fastinfoset",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-4.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.2.31-1.Final_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.1-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hppc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.8.1-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-insights-java-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-jstl-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-cert-helper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logging",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jctools",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jgroups",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.3.10-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-log4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.22.1-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-narayana",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-nimbus-jose-jwt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.37.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-objectweb-asm",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.6.0-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-pem-keystore",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-spring",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-saaj-impl",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-shibboleth-java-support",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-6.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.16-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-snakeyaml",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-2.GA_redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-54",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue."
        }
      ],
      "datePublic": "2024-09-19T15:13:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a \u0027Valid Redirect URI\u0027 is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-23T17:03:54.986Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10385",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10385"
        },
        {
          "name": "RHSA-2024:10386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10386"
        },
        {
          "name": "RHSA-2024:6878",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6878"
        },
        {
          "name": "RHSA-2024:6879",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6879"
        },
        {
          "name": "RHSA-2024:6880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6880"
        },
        {
          "name": "RHSA-2024:6882",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6882"
        },
        {
          "name": "RHSA-2024:6886",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6886"
        },
        {
          "name": "RHSA-2024:6887",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6887"
        },
        {
          "name": "RHSA-2024:6888",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6888"
        },
        {
          "name": "RHSA-2024:6889",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6889"
        },
        {
          "name": "RHSA-2024:6890",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6890"
        },
        {
          "name": "RHSA-2024:8823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8823"
        },
        {
          "name": "RHSA-2024:8824",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8824"
        },
        {
          "name": "RHSA-2024:8826",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8826"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-8883"
        },
        {
          "name": "RHBZ#2312511",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511"
        },
        {
          "url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-16T06:17:01.573000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-19T15:13:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: vulnerable redirect uri validation results in open redirec",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-8883",
    "datePublished": "2024-09-19T15:48:28.468Z",
    "dateReserved": "2024-09-16T06:45:30.550Z",
    "dateUpdated": "2026-01-23T17:03:54.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7341 (GCVE-0-2024-7341)

Vulnerability from nvd – Published: 2024-09-09 18:51 – Updated: 2026-01-26 14:50

Title

Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters

Summary

A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-384 - Session Fixation

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:6493	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6494	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6495	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6497	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6499	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6500	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6501	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6502	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6503	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7341	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2302064	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , < 22.0.12 (semver)
Affected: 23.0.0 , < 24.0.7 (semver)
Affected: 25.0.0 , < 25.0.5 (semver)

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.12-1 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-17 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-20 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.7-4 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-52 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7341",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:59:06.075961Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:59:16.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak:keycloak-services",
          "versions": [
            {
              "lessThan": "22.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "23.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0.5",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.12-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-20",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.7-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "affected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-09-09T13:48:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-384",
              "description": "Session Fixation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-26T14:50:24.980Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6493",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6493"
        },
        {
          "name": "RHSA-2024:6494",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6494"
        },
        {
          "name": "RHSA-2024:6495",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6495"
        },
        {
          "name": "RHSA-2024:6497",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6497"
        },
        {
          "name": "RHSA-2024:6499",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6499"
        },
        {
          "name": "RHSA-2024:6500",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6500"
        },
        {
          "name": "RHSA-2024:6501",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6501"
        },
        {
          "name": "RHSA-2024:6502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6502"
        },
        {
          "name": "RHSA-2024:6503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7341"
        },
        {
          "name": "RHBZ#2302064",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-31T15:02:21+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-09T13:48:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-384: Session Fixation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7341",
    "datePublished": "2024-09-09T18:51:13.537Z",
    "dateReserved": "2024-07-31T15:13:22.220Z",
    "dateUpdated": "2026-01-26T14:50:24.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7318 (GCVE-0-2024-7318)

Vulnerability from nvd – Published: 2024-09-09 18:50 – Updated: 2026-01-26 15:11

Title

Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity

Summary

A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute. A one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid.

Severity ?

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-324 - Use of a Key Past its Expiration Date

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:6502	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6503	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7318	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2301876	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , < 24.0.7 (semver)
Affected: 25.0.0 , < 25.0.4 (semver)

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.7-4 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9

Credits

This issue was discovered by Todd Cullum (Red Hat).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7318",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:08:16.666351Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:08:33.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "versions": [
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0.4",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.7-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Todd Cullum (Red Hat)."
        }
      ],
      "datePublic": "2024-09-09T13:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.\r\nA one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-324",
              "description": "Use of a Key Past its Expiration Date",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-26T15:11:07.763Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6502"
        },
        {
          "name": "RHSA-2024:6503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7318"
        },
        {
          "name": "RHBZ#2301876",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301876"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-31T03:04:38+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-09T13:55:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-324: Use of a Key Past its Expiration Date"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7318",
    "datePublished": "2024-09-09T18:50:36.583Z",
    "dateReserved": "2024-07-31T03:04:15.355Z",
    "dateUpdated": "2026-01-26T15:11:07.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7260 (GCVE-0-2024-7260)

Vulnerability from nvd – Published: 2024-09-09 18:49 – Updated: 2026-01-23 17:00

Title

Keycloak-core: open redirect on account page

Summary

An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks. Once a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain.

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:6502	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6503	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7260	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2301875	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , < 24.0.7 (semver)

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.7-4 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9

Credits

This issue was discovered by Todd Cullum (Red Hat).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7260",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:13:21.486531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:13:53.628Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.7-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Todd Cullum (Red Hat)."
        }
      ],
      "datePublic": "2024-09-09T13:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-23T17:00:35.528Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6502"
        },
        {
          "name": "RHSA-2024:6503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7260"
        },
        {
          "name": "RHBZ#2301875",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301875"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-31T02:53:42+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-09T13:55:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak-core: open redirect on account page",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7260",
    "datePublished": "2024-09-09T18:49:59.437Z",
    "dateReserved": "2024-07-30T02:24:02.197Z",
    "dateUpdated": "2026-01-23T17:00:35.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4629 (GCVE-0-2024-4629)

Vulnerability from nvd – Published: 2024-09-03 19:42 – Updated: 2025-11-21 06:53

Title

Keycloak: potential bypass of brute force protection

Summary

A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-837 - Improper Enforcement of a Single, Unique Action

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:6493	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6494	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6495	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6497	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6499	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6500	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6501	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-4629	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2276761	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 24.0.3

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.12-1 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-17 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-20 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-52 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4629",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T20:20:28.329028Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T20:20:42.938Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-14T16:59:26.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/"
          },
          {
            "url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-09-Keycloak.md"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "packageName": "keycloak",
          "versions": [
            {
              "status": "affected",
              "version": "24.0.3"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak-keycloak-parent",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.12-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-20",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak-keycloak-parent",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak-keycloak-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-09-03T19:38:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T06:53:31.008Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6493",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6493"
        },
        {
          "name": "RHSA-2024:6494",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6494"
        },
        {
          "name": "RHSA-2024:6495",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6495"
        },
        {
          "name": "RHSA-2024:6497",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6497"
        },
        {
          "name": "RHSA-2024:6499",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6499"
        },
        {
          "name": "RHSA-2024:6500",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6500"
        },
        {
          "name": "RHSA-2024:6501",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6501"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-4629"
        },
        {
          "name": "RHBZ#2276761",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-23T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-03T19:38:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: potential bypass of brute force protection",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-837: Improper Enforcement of a Single, Unique Action"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-4629",
    "datePublished": "2024-09-03T19:42:01.318Z",
    "dateReserved": "2024-05-07T20:47:03.184Z",
    "dateUpdated": "2025-11-21T06:53:31.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7885 (GCVE-0-2024-7885)

Vulnerability from nvd – Published: 2024-08-21 14:13 – Updated: 2026-01-19 03:51

Title

Undertow: improper state management in proxy protocol parsing causes information leakage

Summary

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments.

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:11023	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6508	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6883	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7441	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7442	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7735	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7736	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8080	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:16667	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0743	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7885	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2305290	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , < 2.2.36.Final (custom)
Affected: 2.3.0.Alpha1 , < 2.3.17.Final (custom)

Red Hat	HawtIO 4.0.0 for Red Hat build of Apache Camel 4	cpe:/a:redhat:rhboac_hawtio:4.0.0
Red Hat	Red Hat build of Apache Camel 3.20.7 for Spring Boot	cpe:/a:redhat:apache_camel_spring_boot:3.20.7
Red Hat	Red Hat build of Apache Camel 4.4.2 for Spring Boot	cpe:/a:redhat:apache_camel_spring_boot:4.4.2
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:1.11.0-1.redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.4.11-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:1.7.2-19.Final_redhat_00020.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.0.41-5.SP6_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:7.3.15-5.GA_redhat_00003.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-4.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-4.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-6.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-4.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-6.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-3.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:1.7.2-20.Final_redhat_00021.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:4.1.63-6.Final_redhat_00004.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.0.41-6.SP7_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:7.3.16-3.GA_redhat_00003.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.11.9-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.3.1-2.GA_redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.14-2.SP2_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.3-13.GA_redhat_00007.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.11.9-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.3.1-2.GA_redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.14-2.SP2_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.3-13.GA_redhat_00007.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat build of Apache Camel for Spring Boot 3	cpe:/a:redhat:camel_spring_boot:3
Red Hat	Red Hat build of Apache Camel - HawtIO 4	cpe:/a:redhat:apache_camel_hawtio:4
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:
Red Hat	Red Hat build of Quarkus	cpe:/a:redhat:quarkus:3
Red Hat	Red Hat Data Grid 8	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat Integration Camel K 1	cpe:/a:redhat:integration:1
Red Hat	Red Hat JBoss Data Grid 7	cpe:/a:redhat:jboss_data_grid:7
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7

Credits

Red Hat would like to thank BfC for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7885",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T15:21:22.416004Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T15:21:42.735Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-11T22:03:18.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241011-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/undertow-io/undertow",
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "versions": [
            {
              "lessThan": "2.2.36.Final",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.3.17.Final",
              "status": "affected",
              "version": "2.3.0.Alpha1",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhboac_hawtio:4.0.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_spring_boot:3.20.7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_spring_boot:4.4.2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat build of Apache Camel 4.4.2 for Spring Boot",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-commons-beanutils",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.11.0-1.redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hornetq",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.11-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.7.2-19.Final_redhat_00020.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.41-5.SP6_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.15-5.GA_redhat_00003.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-4.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-core",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-4.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-databind",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-6.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-jaxrs-providers",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-4.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-modules-base",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-6.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-modules-java8",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-3.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.7.2-20.Final_redhat_00021.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-netty",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.1.63-6.Final_redhat_00004.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.41-6.SP7_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.16-3.GA_redhat_00003.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.33-2.SP2_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.18-1.GA_redhat_00003.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.33-2.SP2_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.18-1.GA_redhat_00003.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.33-2.SP2_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.18-1.GA_redhat_00003.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-amazon-ion-java",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.11.9-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.3.1-2.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-2.SP2_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.3-13.GA_redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-amazon-ion-java",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.11.9-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.3.1-2.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-2.SP2_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.3-13.GA_redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:camel_spring_boot:3"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat build of Apache Camel for Spring Boot 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_hawtio:4"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat build of Apache Camel - HawtIO 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:3"
          ],
          "defaultStatus": "unaffected",
          "packageName": "io.quarkus/quarkus-undertow",
          "product": "Red Hat build of Quarkus",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:integration:1"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat Integration Camel K 1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank BfC for reporting this issue."
        }
      ],
      "datePublic": "2024-08-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-19T03:51:37.166Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:11023",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:11023"
        },
        {
          "name": "RHSA-2024:6508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6508"
        },
        {
          "name": "RHSA-2024:6883",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6883"
        },
        {
          "name": "RHSA-2024:7441",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7441"
        },
        {
          "name": "RHSA-2024:7442",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7442"
        },
        {
          "name": "RHSA-2024:7735",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7735"
        },
        {
          "name": "RHSA-2024:7736",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7736"
        },
        {
          "name": "RHSA-2024:8080",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8080"
        },
        {
          "name": "RHSA-2025:16667",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16667"
        },
        {
          "name": "RHSA-2026:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0743"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7885"
        },
        {
          "name": "RHBZ#2305290",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305290"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-16T09:00:41.686000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-08-07T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Undertow: improper state management in proxy protocol parsing causes information leakage",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7885",
    "datePublished": "2024-08-21T14:13:36.579Z",
    "dateReserved": "2024-08-16T15:35:47.357Z",
    "dateUpdated": "2026-01-19T03:51:37.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-6787 (GCVE-0-2023-6787)

Vulnerability from nvd – Published: 2024-04-25 16:02 – Updated: 2025-11-11 15:57

Title

Keycloak: session hijacking via re-authentication

Summary

A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login," an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session.

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

CWE-287 - Improper Authentication

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:1867	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1868	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-6787	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2254375	issue-trackingx_refsource_REDHAT
	https://github.com/keycloak/keycloak/security/adv…

Impacted products

Vendor

Product

Version

Affected: 0 , < 22.0.10 (semver)
Affected: 0 , < 24.0.3 (semver)

Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.10-1 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-13 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-16 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22.0.10	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6787",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T19:40:17.217959Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:12.505Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:42:07.631Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1867",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1867"
          },
          {
            "name": "RHSA-2024:1868",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1868"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6787"
          },
          {
            "name": "RHBZ#2254375",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "22.0.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-13",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "product": "Red Hat build of Keycloak 22.0.10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-02-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter \"prompt=login,\" prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting \"Restart login,\" an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T15:57:32.291Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1867",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1867"
        },
        {
          "name": "RHSA-2024:1868",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1868"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-6787"
        },
        {
          "name": "RHBZ#2254375",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375"
        },
        {
          "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-05-03T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-02-21T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: session hijacking via re-authentication",
      "x_redhatCweChain": "CWE-287: Improper Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-6787",
    "datePublished": "2024-04-25T16:02:32.916Z",
    "dateReserved": "2023-12-13T16:22:00.344Z",
    "dateUpdated": "2025-11-11T15:57:32.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-1132 (GCVE-0-2024-1132)

Vulnerability from nvd – Published: 2024-04-17 13:21 – Updated: 2026-01-16 13:47

Title

Keycloak: path transversal in redirection validation

Summary

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:1860	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1861	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1862	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1864	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1866	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1867	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1868	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2945	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3752	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3762	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3919	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3989	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-1132	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2262117	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 21.1.0 , < 22.0.10 (semver)
Affected: 23.0.0 , < 24.0.3 (semver)

Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-23 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-15 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-16 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-14 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	MTA-6.2-RHEL-9	Unaffected: 6.2.3-2 , < * (rpm) cpe:/a:redhat:migration_toolkit_applications:6.2::el9 cpe:/a:redhat:migration_toolkit_applications:6.2::el8
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7.10
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7.11
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7.12
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.10-1 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-13 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-16 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22.0.10	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.13-1.redhat_00001.1.el7sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.13-1.redhat_00001.1.el8sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.13-1.redhat_00001.1.el9sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-46 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHSSO 7.6.8	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat build of Apicurio Registry 2	cpe:/a:redhat:service_registry:2
Red Hat	Red Hat build of Quarkus	cpe:/a:redhat:quarkus:3
Red Hat	Red Hat Data Grid 8	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Decision Manager 7	cpe:/a:redhat:jboss_enterprise_brms_platform:7
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat JBoss Data Grid 7	cpe:/a:redhat:jboss_data_grid:7
Red Hat	Red Hat JBoss Enterprise Application Platform 6	cpe:/a:redhat:jboss_enterprise_application_platform:6
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7

Credits

Red Hat would like to thank Axel Flamcourt for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1132",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T18:37:10.567431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:59:39.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:26:30.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1860",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1860"
          },
          {
            "name": "RHSA-2024:1861",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1861"
          },
          {
            "name": "RHSA-2024:1862",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1862"
          },
          {
            "name": "RHSA-2024:1864",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1864"
          },
          {
            "name": "RHSA-2024:1866",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1866"
          },
          {
            "name": "RHSA-2024:1867",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1867"
          },
          {
            "name": "RHSA-2024:1868",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1868"
          },
          {
            "name": "RHSA-2024:2945",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2945"
          },
          {
            "name": "RHSA-2024:3752",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3752"
          },
          {
            "name": "RHSA-2024:3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3762"
          },
          {
            "name": "RHSA-2024:3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3919"
          },
          {
            "name": "RHSA-2024:3989",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3989"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
          },
          {
            "name": "RHBZ#2262117",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "22.0.10",
              "status": "affected",
              "version": "21.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.3",
              "status": "affected",
              "version": "23.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-operator-bundle",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-23",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-rhel8-operator",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-15",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-web-container-rhel8",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-web-executor-container-rhel8",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_applications:6.2::el9",
            "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mta/mta-windup-addon-rhel9",
          "product": "MTA-6.2-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "6.2.3-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7.10"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat AMQ Broker 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7.11"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "product": "Red Hat AMQ Broker 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7.12"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat AMQ Broker 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-13",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "product": "Red Hat build of Keycloak 22.0.10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.13-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.13-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.13-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-46",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rh-sso7-keycloak",
          "product": "RHSSO 7.6.8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_registry:2"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak",
          "product": "Red Hat build of Apicurio Registry 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:3"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-core",
          "product": "Red Hat build of Quarkus",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.security-wildfly-elytron-parent",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak",
          "product": "Red Hat Decision Manager 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Axel Flamcourt for reporting this issue."
        }
      ],
      "datePublic": "2024-04-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T13:47:13.836Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1860",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1860"
        },
        {
          "name": "RHSA-2024:1861",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1861"
        },
        {
          "name": "RHSA-2024:1862",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1862"
        },
        {
          "name": "RHSA-2024:1864",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1864"
        },
        {
          "name": "RHSA-2024:1866",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1866"
        },
        {
          "name": "RHSA-2024:1867",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1867"
        },
        {
          "name": "RHSA-2024:1868",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1868"
        },
        {
          "name": "RHSA-2024:2945",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "name": "RHSA-2024:3752",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3752"
        },
        {
          "name": "RHSA-2024:3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3762"
        },
        {
          "name": "RHSA-2024:3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3919"
        },
        {
          "name": "RHSA-2024:3989",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
        },
        {
          "name": "RHBZ#2262117",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-31T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-04-16T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: path transversal in redirection validation",
      "workarounds": [
        {
          "lang": "en",
          "value": "No current mitigation is available for this vulnerability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-1132",
    "datePublished": "2024-04-17T13:21:19.130Z",
    "dateReserved": "2024-01-31T17:07:33.455Z",
    "dateUpdated": "2026-01-16T13:47:13.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-7784 (GCVE-0-2025-7784)

Vulnerability from cvelistv5 – Published: 2025-07-18 13:48 – Updated: 2025-11-07 21:37

Title

Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)

Summary

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-269 - Improper Privilege Management

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:12015	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:12016	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-7784	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2381861	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , < 26.2.6 (semver)

Red Hat	Red Hat build of Keycloak 26	cpe:/a:redhat:build_keycloak:26.2::el9
Red Hat	Red Hat build of Keycloak 26.2	Unaffected: 26.2.6-1 , < * (rpm) cpe:/a:redhat:build_keycloak:26.2::el9
Red Hat	Red Hat build of Keycloak 26.2	Unaffected: 26.2-6 , < * (rpm) cpe:/a:redhat:build_keycloak:26.2::el9
Red Hat	Red Hat build of Keycloak 26.2	Unaffected: 26.2-6 , < * (rpm) cpe:/a:redhat:build_keycloak:26.2::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7

Credits

Red Hat would like to thank Patrick Kutz for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-7784",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-18T14:46:09.378551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-18T14:56:11.472Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak/",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "26.2.6",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat build of Keycloak 26",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2.6-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.2::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.2",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.2-6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Patrick Kutz for reporting this issue."
        }
      ],
      "datePublic": "2025-07-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege enforcement. This vulnerability allows unauthorized elevation of access rights, compromising the intended separation of administrative duties and posing a security risk to the realm."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-269",
              "description": "Improper Privilege Management",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-07T21:37:40.791Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:12015",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12015"
        },
        {
          "name": "RHSA-2025:12016",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:12016"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-7784"
        },
        {
          "name": "RHBZ#2381861",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2381861"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-07-18T05:54:39.333000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-07-18T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak/keycloak-services: privilege escalation in keycloak admin console (fgapv2 enabled)",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-269: Improper Privilege Management"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-7784",
    "datePublished": "2025-07-18T13:48:45.713Z",
    "dateReserved": "2025-07-18T06:05:57.305Z",
    "dateUpdated": "2025-11-07T21:37:40.791Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-3910 (GCVE-0-2025-3910)

Vulnerability from cvelistv5 – Published: 2025-04-29 20:46 – Updated: 2026-01-29 19:37

Title

Org.keycloak.authentication: two factor authentication bypass

Summary

Severity ?

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-287 - Improper Authentication

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:4335	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:4336	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2025-3910	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2361923	issue-trackingx_refsource_REDHAT
	https://github.com/keycloak/keycloak/issues/39349

Impacted products

Vendor

Product

Version

Affected: 25.0.0 , < 25.* (semver)
Affected: 26.0.0 , < 26.0.11 (semver)
Unknown: 26.1.0 , < 26.1.* (semver)
Affected: 26.2.0 , < 26.2.2 (semver)

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:26
Red Hat	Red Hat build of Keycloak 26.0	Unaffected: 26.0.11-2 , < * (rpm) cpe:/a:redhat:build_keycloak:26.0::el9
Red Hat	Red Hat build of Keycloak 26.0	Unaffected: 26.0-12 , < * (rpm) cpe:/a:redhat:build_keycloak:26.0::el9
Red Hat	Red Hat build of Keycloak 26.0	Unaffected: 26.0-13 , < * (rpm) cpe:/a:redhat:build_keycloak:26.0::el9

Credits

This issue was discovered by Marek Posolda (Red Hat).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-3910",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-30T15:52:31.582697Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-30T15:53:38.734Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://www.keycloak.org/",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "25.*",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.0.11",
              "status": "affected",
              "version": "26.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.1.*",
              "status": "unknown",
              "version": "26.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "26.2.2",
              "status": "affected",
              "version": "26.2.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak.authentication",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0.11-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0-12",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:26.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 26.0",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "26.0-13",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Marek Posolda (Red Hat)."
        }
      ],
      "datePublic": "2025-04-29T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak. The org.keycloak.authorization package may be vulnerable to circumventing required actions, allowing users to circumvent requirements such as setting up two-factor authentication."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-29T19:37:51.422Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:4335",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4335"
        },
        {
          "name": "RHSA-2025:4336",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:4336"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2025-3910"
        },
        {
          "name": "RHBZ#2361923",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361923"
        },
        {
          "url": "https://github.com/keycloak/keycloak/issues/39349"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-04-23T19:23:26.537000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2025-04-29T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Org.keycloak.authentication: two factor authentication bypass",
      "workarounds": [
        {
          "lang": "en",
          "value": "No current mitigations are available for this vulnerability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-287: Improper Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2025-3910",
    "datePublished": "2025-04-29T20:46:39.828Z",
    "dateReserved": "2025-04-23T19:29:10.054Z",
    "dateUpdated": "2026-01-29T19:37:51.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-10234 (GCVE-0-2024-10234)

Vulnerability from cvelistv5 – Published: 2024-10-22 13:17 – Updated: 2025-11-11 16:05

Title

Wildfly: wildfly vulnerable to cross-site scripting (xss)

Summary

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2025:10924	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:10925	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:10926	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:10931	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:11636	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:11638	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:11639	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:11640	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:11645	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:2025	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:2026	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:2029	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-10234	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2320848	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 35.0.0 , < 35.0.0 (semver)

Red Hat	Red Hat JBoss Enterprise Application Platform 7.4.23	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:2.16.0-21.redhat_00055.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:3.5.10-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 1:1.0.2-5.redhat_00004.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:2.16.0-21.redhat_00055.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:3.5.10-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 1:1.0.2-5.redhat_00004.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:2.16.0-21.redhat_00055.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:3.5.10-1.redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 1:1.0.2-5.redhat_00004.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.9.6-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:2.3.14-9.SP10_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:3.3.27-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:6.0.23-3.SP2_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.5.21-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.10.0-42.Final_redhat_00042.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:5.4.15-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:7.4.23-3.GA_redhat_00002.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:1.15.26-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.3-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.6.6-5.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.6.0-2.GA_redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.0.13-2.redhat_5.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.214-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.6.23-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.0.6-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.8.0-2.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-3.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.0-3.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-4.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.2-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.1-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.1.0-3.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.13-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.4.0-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.6.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.19-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.5.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.4-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.4.0-3.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.0-3.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.3.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:5.1.0-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:7.3.1-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:5.0.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.0.0-2.redhat_8.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.9.0-2.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.0.1-2.Final_redhat_3.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.2.21-2.redhat_00001.2.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.4.0-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.6-5.GA_redhat_00004.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.6.0-4.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.4.0-3.redhat_00003.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.2.0-3.redhat_12.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.3-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.6.6-5.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.6.0-2.GA_redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.0.13-2.redhat_5.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.214-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.6.23-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.0.6-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.8.0-2.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-3.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.0-3.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-4.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.2-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.1-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.1.0-3.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.13-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.4.0-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.6.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-3.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.19-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.5.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.4-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.4.0-3.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.0-3.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.3.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:5.1.0-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:7.3.1-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:5.0.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.0.0-2.redhat_8.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.9.0-2.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.0.1-2.Final_redhat_3.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.2.21-2.redhat_00001.2.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.4.0-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.6-5.GA_redhat_00004.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.6.0-4.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.4.0-3.redhat_00003.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.2.0-3.redhat_12.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.19-1.redhat_00002.1.el7sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.19-1.redhat_00002.1.el8sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.19-1.redhat_00002.1.el9sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-67 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat JBoss Data Grid 7	cpe:/a:redhat:jboss_data_grid:7
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-10234",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-22T17:41:01.307691Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-22T17:41:14.160Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/wildfly/wildfly",
          "defaultStatus": "unaffected",
          "packageName": "wildfly",
          "versions": [
            {
              "lessThan": "35.0.0",
              "status": "affected",
              "version": "35.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4.23",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.16.0-21.redhat_00055.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.10-1.redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:1.0.2-5.redhat_00004.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-elytron-web",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.6-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-glassfish-jsf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-9.SP10_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.27-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.23-3.SP2_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-ironjacamar",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.21-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.10.0-42.Final_redhat_00042.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.4.15-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.23-3.GA_redhat_00002.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly-elytron",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.15.26-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-azure-storage",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.6.6-5.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.6.0-2.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-gnu-getopt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.13-2.redhat_5.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-h2database",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.214-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.23-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-commons-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.6-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jackson-coreutils",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authentication-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authorization-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-4.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.2-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-lang-model",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-security-enterprise-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-javaewah",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.13-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-aesh",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-common-beans",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-dmr",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-ejb3-ext-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-genericjms",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-iiop-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-invocation",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.19-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-msc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-remoting-jmx",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-stdio",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-transaction-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-vfs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.1.0-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.1-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-2.redhat_8.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-json-patch",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.0-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jul-to-slf4j-stub",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-2.Final_redhat_3.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-reactivex-rxjava2",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.21-2.redhat_00001.2.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-staxmapper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.0-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.6-5.GA_redhat_00004.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-4.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-woodstox-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.4.0-3.redhat_00003.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-xml-commons-resolver",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.0-3.redhat_12.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-azure-storage",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.6.6-5.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.6.0-2.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-gnu-getopt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.13-2.redhat_5.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-h2database",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.214-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hal-console",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.6.23-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-commons-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.6-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jackson-coreutils",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authentication-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-authorization-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-4.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-concurrent-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.2-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-enterprise-lang-model",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-security-enterprise-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.1.0-3.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-javaewah",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.13-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-aesh",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-common-beans",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-dmr",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-ejb3-ext-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-el-api_5.0_spec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-genericjms",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-iiop-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-invocation",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.19-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-msc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.5.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-remoting-jmx",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-stdio",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-threads",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-transaction-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-vfs",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.3.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.1.0-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.1-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jbossws-spi",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.0.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jcip-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.0-2.redhat_8.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-json-patch",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.9.0-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jul-to-slf4j-stub",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.0.1-2.Final_redhat_3.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-reactivex-rxjava2",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.21-2.redhat_00001.2.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j-jboss-logmanager",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-staxmapper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.4.0-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.6-5.GA_redhat_00004.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly-common",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.6.0-4.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-woodstox-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.4.0-3.redhat_00003.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-xml-commons-resolver",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.0-3.redhat_12.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-client",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.19-1.redhat_00002.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-67",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.core/wildfly-core-management-subsystem",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-10-22T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Wildfly, where a user may perform Cross-site scripting in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T16:05:02.693Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2025:10924",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10924"
        },
        {
          "name": "RHSA-2025:10925",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10925"
        },
        {
          "name": "RHSA-2025:10926",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10926"
        },
        {
          "name": "RHSA-2025:10931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:10931"
        },
        {
          "name": "RHSA-2025:11636",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11636"
        },
        {
          "name": "RHSA-2025:11638",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11638"
        },
        {
          "name": "RHSA-2025:11639",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11639"
        },
        {
          "name": "RHSA-2025:11640",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11640"
        },
        {
          "name": "RHSA-2025:11645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:11645"
        },
        {
          "name": "RHSA-2025:2025",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2025"
        },
        {
          "name": "RHSA-2025:2026",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2026"
        },
        {
          "name": "RHSA-2025:2029",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:2029"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "name": "RHBZ#2320848",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-10-22T01:46:48.739000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-10-22T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Wildfly: wildfly vulnerable to cross-site scripting (xss)",
      "x_redhatCweChain": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-10234",
    "datePublished": "2024-10-22T13:17:57.891Z",
    "dateReserved": "2024-10-22T01:50:57.793Z",
    "dateUpdated": "2025-11-11T16:05:02.693Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-8883 (GCVE-0-2024-8883)

Vulnerability from cvelistv5 – Published: 2024-09-19 15:48 – Updated: 2026-01-23 17:03

Title

Keycloak: vulnerable redirect uri validation results in open redirec

Summary

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:10385	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:10386	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6878	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6879	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6880	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6882	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6886	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6887	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6888	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6889	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6890	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8823	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8824	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8826	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-8883	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2312511	issue-trackingx_refsource_REDHAT
	https://github.com/keycloak/keycloak/blob/main/se…

Impacted products

Vendor

Product

Version

Affected: 0 , < 22.0.12 (semver)
Affected: 23.0.0 , < 24.0.7 (semver)
Affected: 25.0.0 , < 25.0.5 (semver)

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.13-1 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-18 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-21 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.8-1 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-17 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-17 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.4.1-1.GA_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.4-3.GA_redhat_00007.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.33.0-1.redhat_00015.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 1:2.0.0-2.redhat_00005.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.8.0-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.2.0-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.16.1-2.redhat_00007.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.2.2-28.redhat_2.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.15.1-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.14.0-2.redhat_00006.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.5-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 1:2.0.0-2.redhat_00005.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-1.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:0.1.0-2.redhat_00010.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.12.284-2.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.2.5-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.4.0-1.GA_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.1.0-4.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.2.31-1.Final_redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.1-3.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:0.8.1-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.3-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.1-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.1.3-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.5.3-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:4.0.2-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:5.3.10-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.22.1-1.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:6.0.3-1.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:9.37.3-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:9.6.0-1.redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.0-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.1-2.Final_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:3.0.4-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.0-6.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.0.16-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.2.0-1.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.4-2.GA_redhat_00005.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.4.1-1.GA_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.4-3.GA_redhat_00007.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.33.0-1.redhat_00015.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 1:2.0.0-2.redhat_00005.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.8.0-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.2.0-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.16.1-2.redhat_00007.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.2.2-28.redhat_2.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.15.1-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.14.0-2.redhat_00006.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.5-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 1:2.0.0-2.redhat_00005.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-1.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:0.1.0-2.redhat_00010.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.12.284-2.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.2.5-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.4.0-1.GA_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.1.0-4.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.2.31-1.Final_redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.1-3.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:0.8.1-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.3-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.1-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.1.3-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.5.3-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:4.0.2-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:5.3.10-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.22.1-1.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:6.0.3-1.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:9.37.3-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:9.6.0-1.redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.0-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.1-3.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.1-2.Final_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:3.0.4-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.0-6.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.0.16-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.2.0-1.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.4-2.GA_redhat_00005.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.18-1.redhat_00001.1.el7sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.18-1.redhat_00001.1.el8sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.18-1.redhat_00001.1.el9sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-54 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8

Credits

Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8883",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-19T17:28:37.383842Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-19T17:56:50.064Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak-services",
          "versions": [
            {
              "lessThan": "22.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "23.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0.5",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.13-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-18",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-21",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.8-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.1-1.GA_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-3.GA_redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.33.0-1.redhat_00015.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-readline",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-codec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.16.1-2.redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-collections",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.2-28.redhat_2.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-io",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.1-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-lang",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0-2.redhat_00006.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.5-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-asyncutil",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.0-2.redhat_00010.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aws-java-sdk",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.12.284-2.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-cryptacular",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.5-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.0-1.GA_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-fastinfoset",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-4.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.2.31-1.Final_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.1-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hppc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.8.1-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-insights-java-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-jstl-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-cert-helper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logging",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jctools",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jgroups",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.3.10-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-log4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.22.1-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-narayana",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.3-1.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-nimbus-jose-jwt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.37.3-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-objectweb-asm",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.6.0-1.redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-pem-keystore",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-3.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-spring",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-2.Final_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-saaj-impl",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-shibboleth-java-support",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-6.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.16-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-snakeyaml",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-1.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-2.GA_redhat_00005.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.1-1.GA_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-3.GA_redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.33.0-1.redhat_00015.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-activemq-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.8.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aesh-readline",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-codec",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.16.1-2.redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-collections",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.2.2-28.redhat_2.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-io",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.15.1-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-commons-lang",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.14.0-2.redhat_00006.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-apache-cxf",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.5-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-native",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1:2.0.0-2.redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-artemis-wildfly-integration",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-asyncutil",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.1.0-2.redhat_00010.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-aws-java-sdk",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.12.284-2.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-cryptacular",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.2.5-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.4.0-1.GA_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-fastinfoset",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.1.0-4.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.2.31-1.Final_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hibernate-validator",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.1-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-hppc",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:0.8.1-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-insights-java-client",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jakarta-servlet-jsp-jstl-api",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-cert-helper",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.1.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jboss-logging",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.5.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jctools",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.0.2-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-jgroups",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.3.10-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-log4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.22.1-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-narayana",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:6.0.3-1.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-nimbus-jose-jwt",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.37.3-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-objectweb-asm",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:9.6.0-1.redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-pem-keystore",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-extensions",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.1-3.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-resteasy-spring",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.1-2.Final_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-saaj-impl",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:3.0.4-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-shibboleth-java-support",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.0-6.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-slf4j",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.16-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-snakeyaml",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.0-1.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.4-2.GA_redhat_00005.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.18-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-54",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Karsten Meyer zu Selhausen and Niklas Conrad for reporting this issue."
        }
      ],
      "datePublic": "2024-09-19T15:13:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a \u0027Valid Redirect URI\u0027 is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-23T17:03:54.986Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:10385",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10385"
        },
        {
          "name": "RHSA-2024:10386",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:10386"
        },
        {
          "name": "RHSA-2024:6878",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6878"
        },
        {
          "name": "RHSA-2024:6879",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6879"
        },
        {
          "name": "RHSA-2024:6880",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6880"
        },
        {
          "name": "RHSA-2024:6882",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6882"
        },
        {
          "name": "RHSA-2024:6886",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6886"
        },
        {
          "name": "RHSA-2024:6887",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6887"
        },
        {
          "name": "RHSA-2024:6888",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6888"
        },
        {
          "name": "RHSA-2024:6889",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6889"
        },
        {
          "name": "RHSA-2024:6890",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6890"
        },
        {
          "name": "RHSA-2024:8823",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8823"
        },
        {
          "name": "RHSA-2024:8824",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8824"
        },
        {
          "name": "RHSA-2024:8826",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8826"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-8883"
        },
        {
          "name": "RHBZ#2312511",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2312511"
        },
        {
          "url": "https://github.com/keycloak/keycloak/blob/main/services/src/main/java/org/keycloak/protocol/oidc/utils/RedirectUtils.java"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-09-16T06:17:01.573000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-19T15:13:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: vulnerable redirect uri validation results in open redirec",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-8883",
    "datePublished": "2024-09-19T15:48:28.468Z",
    "dateReserved": "2024-09-16T06:45:30.550Z",
    "dateUpdated": "2026-01-23T17:03:54.986Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7341 (GCVE-0-2024-7341)

Vulnerability from cvelistv5 – Published: 2024-09-09 18:51 – Updated: 2026-01-26 14:50

Title

Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters

Summary

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

CWE

CWE-384 - Session Fixation

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:6493	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6494	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6495	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6497	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6499	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6500	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6501	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6502	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6503	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7341	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2302064	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , < 22.0.12 (semver)
Affected: 23.0.0 , < 24.0.7 (semver)
Affected: 25.0.0 , < 25.0.5 (semver)

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.12-1 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-17 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-20 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.7-4 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-52 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7341",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:59:06.075961Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:59:16.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak:keycloak-services",
          "versions": [
            {
              "lessThan": "22.0.12",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "23.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0.5",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.12-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-20",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.7-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "affected",
          "packageName": "org.keycloak/keycloak-services",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-09-09T13:48:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A session fixation issue was discovered in the SAML adapters provided by Keycloak. The session ID and JSESSIONID cookie are not changed at login time, even when the turnOffChangeSessionIdOnLogin option is configured. This flaw allows an attacker who hijacks the current session before authentication to trigger session fixation."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-384",
              "description": "Session Fixation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-26T14:50:24.980Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6493",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6493"
        },
        {
          "name": "RHSA-2024:6494",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6494"
        },
        {
          "name": "RHSA-2024:6495",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6495"
        },
        {
          "name": "RHSA-2024:6497",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6497"
        },
        {
          "name": "RHSA-2024:6499",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6499"
        },
        {
          "name": "RHSA-2024:6500",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6500"
        },
        {
          "name": "RHSA-2024:6501",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6501"
        },
        {
          "name": "RHSA-2024:6502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6502"
        },
        {
          "name": "RHSA-2024:6503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7341"
        },
        {
          "name": "RHBZ#2302064",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2302064"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-31T15:02:21+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-09T13:48:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Wildfly-elytron: org.keycloak/keycloak-services: session fixation in elytron saml adapters",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-384: Session Fixation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7341",
    "datePublished": "2024-09-09T18:51:13.537Z",
    "dateReserved": "2024-07-31T15:13:22.220Z",
    "dateUpdated": "2026-01-26T14:50:24.980Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7318 (GCVE-0-2024-7318)

Vulnerability from cvelistv5 – Published: 2024-09-09 18:50 – Updated: 2026-01-26 15:11

Title

Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity

Summary

Severity ?

4.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-324 - Use of a Key Past its Expiration Date

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:6502	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6503	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7318	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2301876	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , < 24.0.7 (semver)
Affected: 25.0.0 , < 25.0.4 (semver)

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.7-4 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9

Credits

This issue was discovered by Todd Cullum (Red Hat).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7318",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:08:16.666351Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:08:33.567Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "versions": [
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "25.0.4",
              "status": "affected",
              "version": "25.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.7-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Todd Cullum (Red Hat)."
        }
      ],
      "datePublic": "2024-09-09T13:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Keycloak. Expired OTP codes are still usable when using FreeOTP when the OTP token period is set to 30 seconds (default). Instead of expiring and deemed unusable around 30 seconds in, the tokens are valid for an additional 30 seconds totaling 1 minute.\r\nA one time passcode that is valid longer than its expiration time increases the attack window for malicious actors to abuse the system and compromise accounts. Additionally, it increases the attack surface because at any given time, two OTPs are valid."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-324",
              "description": "Use of a Key Past its Expiration Date",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-26T15:11:07.763Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6502"
        },
        {
          "name": "RHSA-2024:6503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7318"
        },
        {
          "name": "RHBZ#2301876",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301876"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-31T03:04:38+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-09T13:55:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak-core: one time passcode (otp) is valid longer than expiration timeseverity",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-324: Use of a Key Past its Expiration Date"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7318",
    "datePublished": "2024-09-09T18:50:36.583Z",
    "dateReserved": "2024-07-31T03:04:15.355Z",
    "dateUpdated": "2026-01-26T15:11:07.763Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7260 (GCVE-0-2024-7260)

Vulnerability from cvelistv5 – Published: 2024-09-09 18:49 – Updated: 2026-01-23 17:00

Title

Keycloak-core: open redirect on account page

Summary

Severity ?

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:6502	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6503	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7260	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2301875	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , < 24.0.7 (semver)

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:24
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24.0.7-4 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9
Red Hat	Red Hat build of Keycloak 24	Unaffected: 24-16 , < * (rpm) cpe:/a:redhat:build_keycloak:24::el9

Credits

This issue was discovered by Todd Cullum (Red Hat).

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7260",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-09T19:13:21.486531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-09T19:13:53.628Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "24.0.7",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24.0.7-4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:24::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 24",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "24-16",
              "versionType": "rpm"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "This issue was discovered by Todd Cullum (Red Hat)."
        }
      ],
      "datePublic": "2024-09-09T13:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An open redirect vulnerability was found in Keycloak. A specially crafted URL can be constructed where the referrer and referrer_uri parameters are made to trick a user to visit a malicious webpage. A trusted URL can trick users and automation into believing that the URL is safe, when, in fact, it redirects to a malicious server. This issue can result in a victim inadvertently trusting the destination of the redirect, potentially leading to a successful phishing attack or other types of attacks.\r\n\r\nOnce a crafted URL is made, it can be sent to a Keycloak admin via email for example. This will trigger this vulnerability when the user visits the page and clicks the link. A malicious actor can use this to target users they know are Keycloak admins for further attacks. It may also be possible to bypass other domain-related security checks, such as supplying this as a OAuth redirect uri. The malicious actor can further obfuscate the redirect_uri using URL encoding, to hide the text of the actual malicious website domain."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-601",
              "description": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-23T17:00:35.528Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6502",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6502"
        },
        {
          "name": "RHSA-2024:6503",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6503"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7260"
        },
        {
          "name": "RHBZ#2301875",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301875"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-07-31T02:53:42+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-09T13:55:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak-core: open redirect on account page",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7260",
    "datePublished": "2024-09-09T18:49:59.437Z",
    "dateReserved": "2024-07-30T02:24:02.197Z",
    "dateUpdated": "2026-01-23T17:00:35.528Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-4629 (GCVE-0-2024-4629)

Vulnerability from cvelistv5 – Published: 2024-09-03 19:42 – Updated: 2025-11-21 06:53

Title

Keycloak: potential bypass of brute force protection

Summary

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE

CWE-837 - Improper Enforcement of a Single, Unique Action

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:6493	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6494	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6495	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6497	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6499	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6500	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6501	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-4629	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2276761	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 24.0.3

Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.12-1 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-17 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-20 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.16-1.redhat_00001.1.el7sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.16-1.redhat_00001.1.el8sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.16-1.redhat_00001.1.el9sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-52 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-4629",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T20:20:28.329028Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T20:20:42.938Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-11-14T16:59:26.284Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.humanativaspa.it/an-analysis-of-the-keycloak-authentication-system/"
          },
          {
            "url": "https://github.com/hnsecurity/vulns/blob/main/HNS-2024-09-Keycloak.md"
          }
        ],
        "title": "CVE Program Container",
        "x_generator": {
          "engine": "ADPogram 0.0.1"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "packageName": "keycloak",
          "versions": [
            {
              "status": "affected",
              "version": "24.0.3"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak-keycloak-parent",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.12-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-17",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-20",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak-keycloak-parent",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.16-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-52",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak-keycloak-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-09-03T19:38:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Keycloak. This flaw allows attackers to bypass brute force protection by exploiting the timing of login attempts. By initiating multiple login requests simultaneously, attackers can exceed the configured limits for failed attempts before the system locks them out. This timing loophole enables attackers to make more guesses at passwords than intended, potentially compromising account security on affected systems."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Low"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-837",
              "description": "Improper Enforcement of a Single, Unique Action",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-21T06:53:31.008Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:6493",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6493"
        },
        {
          "name": "RHSA-2024:6494",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6494"
        },
        {
          "name": "RHSA-2024:6495",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6495"
        },
        {
          "name": "RHSA-2024:6497",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6497"
        },
        {
          "name": "RHSA-2024:6499",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6499"
        },
        {
          "name": "RHSA-2024:6500",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6500"
        },
        {
          "name": "RHSA-2024:6501",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6501"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-4629"
        },
        {
          "name": "RHBZ#2276761",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-04-23T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-09-03T19:38:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: potential bypass of brute force protection",
      "workarounds": [
        {
          "lang": "en",
          "value": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
        }
      ],
      "x_redhatCweChain": "CWE-837: Improper Enforcement of a Single, Unique Action"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-4629",
    "datePublished": "2024-09-03T19:42:01.318Z",
    "dateReserved": "2024-05-07T20:47:03.184Z",
    "dateUpdated": "2025-11-21T06:53:31.008Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-7885 (GCVE-0-2024-7885)

Vulnerability from cvelistv5 – Published: 2024-08-21 14:13 – Updated: 2026-01-19 03:51

Title

Undertow: improper state management in proxy protocol parsing causes information leakage

Summary

Severity ?

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:11023	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6508	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:6883	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7441	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7442	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7735	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:7736	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:8080	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2025:16667	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2026:0743	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-7885	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2305290	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 0 , < 2.2.36.Final (custom)
Affected: 2.3.0.Alpha1 , < 2.3.17.Final (custom)

Red Hat	HawtIO 4.0.0 for Red Hat build of Apache Camel 4	cpe:/a:redhat:rhboac_hawtio:4.0.0
Red Hat	Red Hat build of Apache Camel 3.20.7 for Spring Boot	cpe:/a:redhat:apache_camel_spring_boot:3.20.7
Red Hat	Red Hat build of Apache Camel 4.4.2 for Spring Boot	cpe:/a:redhat:apache_camel_spring_boot:4.4.2
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7.4
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:1.11.0-1.redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.4.11-1.Final_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:1.7.2-19.Final_redhat_00020.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.0.41-5.SP6_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:7.3.15-5.GA_redhat_00003.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-4.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-4.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-6.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-4.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-6.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.10.4-3.redhat_00008.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:1.7.2-20.Final_redhat_00021.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:4.1.63-6.Final_redhat_00004.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:2.0.41-6.SP7_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7	Unaffected: 0:7.3.16-3.GA_redhat_00003.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8	Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9	Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:2.2.33-2.SP2_redhat_00001.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7	Unaffected: 0:7.4.18-1.GA_redhat_00003.1.el7eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7
Red Hat	Red Hat JBoss Enterprise Application Platform 8	cpe:/a:redhat:jboss_enterprise_application_platform:8.0
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:1.11.9-2.redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:800.3.1-2.GA_redhat_00002.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:2.3.14-2.SP2_redhat_00001.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8	Unaffected: 0:8.0.3-13.GA_redhat_00007.1.el8eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:1.11.9-2.redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:800.3.1-2.GA_redhat_00002.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:2.3.14-2.SP2_redhat_00001.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9	Unaffected: 0:8.0.3-13.GA_redhat_00007.1.el9eap , < * (rpm) cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Red Hat	Red Hat build of Apache Camel for Spring Boot 3	cpe:/a:redhat:camel_spring_boot:3
Red Hat	Red Hat build of Apache Camel - HawtIO 4	cpe:/a:redhat:apache_camel_hawtio:4
Red Hat	Red Hat Build of Keycloak	cpe:/a:redhat:build_keycloak:
Red Hat	Red Hat build of Quarkus	cpe:/a:redhat:quarkus:3
Red Hat	Red Hat Data Grid 8	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat Integration Camel K 1	cpe:/a:redhat:integration:1
Red Hat	Red Hat JBoss Data Grid 7	cpe:/a:redhat:jboss_data_grid:7
Red Hat	Red Hat JBoss Enterprise Application Platform Expansion Pack	cpe:/a:redhat:jbosseapxp
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7

Credits

Red Hat would like to thank BfC for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-7885",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-08-21T15:21:22.416004Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-21T15:21:42.735Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-10-11T22:03:18.905Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20241011-0004/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/undertow-io/undertow",
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "versions": [
            {
              "lessThan": "2.2.36.Final",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThan": "2.3.17.Final",
              "status": "affected",
              "version": "2.3.0.Alpha1",
              "versionType": "custom"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhboac_hawtio:4.0.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "HawtIO 4.0.0 for Red Hat build of Apache Camel 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_spring_boot:3.20.7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_spring_boot:4.4.2"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow",
          "product": "Red Hat build of Apache Camel 4.4.2 for Spring Boot",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-apache-commons-beanutils",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.11.0-1.redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-hornetq",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.4.11-1.Final_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.7.2-19.Final_redhat_00020.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.41-5.SP6_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.15-5.GA_redhat_00003.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-annotations",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-4.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-core",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-4.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-databind",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-6.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-jaxrs-providers",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-4.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-modules-base",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-6.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jackson-modules-java8",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.10.4-3.redhat_00008.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-jboss-server-migration",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.7.2-20.Final_redhat_00021.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-netty",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.1.63-6.Final_redhat_00004.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.0.41-6.SP7_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.3.16-3.GA_redhat_00003.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.33-2.SP2_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.18-1.GA_redhat_00003.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.33-2.SP2_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.18-1.GA_redhat_00003.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.2.33-2.SP2_redhat_00001.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "eap7-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:7.4.18-1.GA_redhat_00003.1.el7eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-amazon-ion-java",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.11.9-2.redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.3.1-2.GA_redhat_00002.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-2.SP2_redhat_00001.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.3-13.GA_redhat_00007.1.el8eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-amazon-ion-java",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:1.11.9-2.redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-eap-product-conf-parent",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:800.3.1-2.GA_redhat_00002.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-undertow",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:2.3.14-2.SP2_redhat_00001.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8",
            "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "eap8-wildfly",
          "product": "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:8.0.3-13.GA_redhat_00007.1.el9eap",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:camel_spring_boot:3"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat build of Apache Camel for Spring Boot 3",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:apache_camel_hawtio:4"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat build of Apache Camel - HawtIO 4",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat Build of Keycloak",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:3"
          ],
          "defaultStatus": "unaffected",
          "packageName": "io.quarkus/quarkus-undertow",
          "product": "Red Hat build of Quarkus",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:integration:1"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat Integration Camel K 1",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jbosseapxp"
          ],
          "defaultStatus": "unaffected",
          "packageName": "undertow-core",
          "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "undertow",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "undertow",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank BfC for reporting this issue."
        }
      ],
      "datePublic": "2024-08-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which could lead to unintended data exposure. This issue primarily results in errors and connection termination but creates a risk of data leakage in multi-request environments."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-362",
              "description": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-19T03:51:37.166Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:11023",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:11023"
        },
        {
          "name": "RHSA-2024:6508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6508"
        },
        {
          "name": "RHSA-2024:6883",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:6883"
        },
        {
          "name": "RHSA-2024:7441",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7441"
        },
        {
          "name": "RHSA-2024:7442",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7442"
        },
        {
          "name": "RHSA-2024:7735",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7735"
        },
        {
          "name": "RHSA-2024:7736",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:7736"
        },
        {
          "name": "RHSA-2024:8080",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:8080"
        },
        {
          "name": "RHSA-2025:16667",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2025:16667"
        },
        {
          "name": "RHSA-2026:0743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2026:0743"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-7885"
        },
        {
          "name": "RHBZ#2305290",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2305290"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-08-16T09:00:41.686000+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-08-07T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Undertow: improper state management in proxy protocol parsing causes information leakage",
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-7885",
    "datePublished": "2024-08-21T14:13:36.579Z",
    "dateReserved": "2024-08-16T15:35:47.357Z",
    "dateUpdated": "2026-01-19T03:51:37.166Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2023-6787 (GCVE-0-2023-6787)

Vulnerability from cvelistv5 – Published: 2024-04-25 16:02 – Updated: 2025-11-11 15:57

Title

Keycloak: session hijacking via re-authentication

Summary

Severity ?

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CWE

CWE-287 - Improper Authentication

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:1867	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1868	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2023-6787	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2254375	issue-trackingx_refsource_REDHAT
	https://github.com/keycloak/keycloak/security/adv…

Impacted products

Vendor

Product

Version

Affected: 0 , < 22.0.10 (semver)
Affected: 0 , < 24.0.3 (semver)

Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.10-1 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-13 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-16 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22.0.10	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat Single Sign-On 7	cpe:/a:redhat:red_hat_single_sign_on:7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-6787",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-25T19:40:17.217959Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-287",
                "description": "CWE-287 Improper Authentication",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:17:12.505Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:42:07.631Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1867",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1867"
          },
          {
            "name": "RHSA-2024:1868",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1868"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-6787"
          },
          {
            "name": "RHBZ#2254375",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "22.0.10",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-13",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "product": "Red Hat build of Keycloak 22.0.10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2024-02-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter \"prompt=login,\" prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting \"Restart login,\" an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-11T15:57:32.291Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1867",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1867"
        },
        {
          "name": "RHSA-2024:1868",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1868"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-6787"
        },
        {
          "name": "RHBZ#2254375",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254375"
        },
        {
          "url": "https://github.com/keycloak/keycloak/security/advisories/GHSA-c9h6-v78w-52wj"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-05-03T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-02-21T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: session hijacking via re-authentication",
      "x_redhatCweChain": "CWE-287: Improper Authentication"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-6787",
    "datePublished": "2024-04-25T16:02:32.916Z",
    "dateReserved": "2023-12-13T16:22:00.344Z",
    "dateUpdated": "2025-11-11T15:57:32.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2024-1132 (GCVE-0-2024-1132)

Vulnerability from cvelistv5 – Published: 2024-04-17 13:21 – Updated: 2026-01-16 13:47

Title

Keycloak: path transversal in redirection validation

Summary

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Assigner

redhat

References

URL

Tags

	https://access.redhat.com/errata/RHSA-2024:1860	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1861	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1862	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1864	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1866	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1867	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:1868	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:2945	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3752	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3762	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3919	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2024:3989	vendor-advisoryx_refsource_REDHAT
	https://access.redhat.com/security/cve/CVE-2024-1132	vdb-entryx_refsource_REDHAT
	https://bugzilla.redhat.com/show_bug.cgi?id=2262117	issue-trackingx_refsource_REDHAT

Impacted products

Vendor

Product

Version

Affected: 21.1.0 , < 22.0.10 (semver)
Affected: 23.0.0 , < 24.0.3 (semver)

Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-23 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-15 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-16 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	Migration Toolkit for Runtimes 1 on RHEL 8	Unaffected: 1.2-14 , < * (rpm) cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8
Red Hat	MTA-6.2-RHEL-9	Unaffected: 6.2.3-2 , < * (rpm) cpe:/a:redhat:migration_toolkit_applications:6.2::el9 cpe:/a:redhat:migration_toolkit_applications:6.2::el8
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7.10
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7.11
Red Hat	Red Hat AMQ Broker 7	cpe:/a:redhat:amq_broker:7.12
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22.0.10-1 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-13 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22	Unaffected: 22-16 , < * (rpm) cpe:/a:redhat:build_keycloak:22::el9
Red Hat	Red Hat build of Keycloak 22.0.10	cpe:/a:redhat:build_keycloak:22
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 7	Unaffected: 0:18.0.13-1.redhat_00001.1.el7sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el7
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 8	Unaffected: 0:18.0.13-1.redhat_00001.1.el8sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el8
Red Hat	Red Hat Single Sign-On 7.6 for RHEL 9	Unaffected: 0:18.0.13-1.redhat_00001.1.el9sso , < * (rpm) cpe:/a:redhat:red_hat_single_sign_on:7.6::el9
Red Hat	RHEL-8 based Middleware Containers	Unaffected: 7.6-46 , < * (rpm) cpe:/a:redhat:rhosemc:1.0::el8
Red Hat	RHSSO 7.6.8	cpe:/a:redhat:red_hat_single_sign_on:7.6
Red Hat	Red Hat build of Apicurio Registry 2	cpe:/a:redhat:service_registry:2
Red Hat	Red Hat build of Quarkus	cpe:/a:redhat:quarkus:3
Red Hat	Red Hat Data Grid 8	cpe:/a:redhat:jboss_data_grid:8
Red Hat	Red Hat Decision Manager 7	cpe:/a:redhat:jboss_enterprise_brms_platform:7
Red Hat	Red Hat Fuse 7	cpe:/a:redhat:jboss_fuse:7
Red Hat	Red Hat JBoss Data Grid 7	cpe:/a:redhat:jboss_data_grid:7
Red Hat	Red Hat JBoss Enterprise Application Platform 6	cpe:/a:redhat:jboss_enterprise_application_platform:6
Red Hat	Red Hat JBoss Enterprise Application Platform 7	cpe:/a:redhat:jboss_enterprise_application_platform:7
Red Hat	Red Hat Process Automation 7	cpe:/a:redhat:jboss_enterprise_bpms_platform:7

Credits

Red Hat would like to thank Axel Flamcourt for reporting this issue.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-1132",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-04-23T18:37:10.567431Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-22",
                "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:59:39.871Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T18:26:30.564Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:1860",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1860"
          },
          {
            "name": "RHSA-2024:1861",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1861"
          },
          {
            "name": "RHSA-2024:1862",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1862"
          },
          {
            "name": "RHSA-2024:1864",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1864"
          },
          {
            "name": "RHSA-2024:1866",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1866"
          },
          {
            "name": "RHSA-2024:1867",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1867"
          },
          {
            "name": "RHSA-2024:1868",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1868"
          },
          {
            "name": "RHSA-2024:2945",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2945"
          },
          {
            "name": "RHSA-2024:3752",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3752"
          },
          {
            "name": "RHSA-2024:3762",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3762"
          },
          {
            "name": "RHSA-2024:3919",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3919"
          },
          {
            "name": "RHSA-2024:3989",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:3989"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
          },
          {
            "name": "RHBZ#2262117",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://github.com/keycloak/keycloak",
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "versions": [
            {
              "lessThan": "22.0.10",
              "status": "affected",
              "version": "21.1.0",
              "versionType": "semver"
            },
            {
              "lessThan": "24.0.3",
              "status": "affected",
              "version": "23.0.0",
              "versionType": "semver"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-operator-bundle",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-23",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-rhel8-operator",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-15",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-web-container-rhel8",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mtr/mtr-web-executor-container-rhel8",
          "product": "Migration Toolkit for Runtimes 1 on RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "1.2-14",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:migration_toolkit_applications:6.2::el9",
            "cpe:/a:redhat:migration_toolkit_applications:6.2::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "mta/mta-windup-addon-rhel9",
          "product": "MTA-6.2-RHEL-9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "6.2.3-2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7.10"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat AMQ Broker 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7.11"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "product": "Red Hat AMQ Broker 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:amq_broker:7.12"
          ],
          "defaultStatus": "unaffected",
          "product": "Red Hat AMQ Broker 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-operator-bundle",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22.0.10-1",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-13",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rhbk/keycloak-rhel9-operator",
          "product": "Red Hat build of Keycloak 22",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "22-16",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:build_keycloak:22"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "product": "Red Hat build of Keycloak 22.0.10",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 7",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.13-1.redhat_00001.1.el7sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.13-1.redhat_00001.1.el8sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso7-keycloak",
          "product": "Red Hat Single Sign-On 7.6 for RHEL 9",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:18.0.13-1.redhat_00001.1.el9sso",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://catalog.redhat.com/software/containers/",
          "cpes": [
            "cpe:/a:redhat:rhosemc:1.0::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "rh-sso-7/sso76-openshift-rhel8",
          "product": "RHEL-8 based Middleware Containers",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "7.6-46",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:red_hat_single_sign_on:7.6"
          ],
          "defaultStatus": "unaffected",
          "packageName": "rh-sso7-keycloak",
          "product": "RHSSO 7.6.8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:service_registry:2"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak",
          "product": "Red Hat build of Apicurio Registry 2",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:quarkus:3"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.keycloak/keycloak-core",
          "product": "Red Hat build of Quarkus",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:8"
          ],
          "defaultStatus": "unaffected",
          "packageName": "org.wildfly.security-wildfly-elytron-parent",
          "product": "Red Hat Data Grid 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak",
          "product": "Red Hat Decision Manager 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_fuse:7"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak",
          "product": "Red Hat Fuse 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_data_grid:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak",
          "product": "Red Hat JBoss Data Grid 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "keycloak",
          "product": "Red Hat JBoss Enterprise Application Platform 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_application_platform:7"
          ],
          "defaultStatus": "unaffected",
          "packageName": "keycloak-core",
          "product": "Red Hat JBoss Enterprise Application Platform 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
          ],
          "defaultStatus": "affected",
          "packageName": "keycloak",
          "product": "Red Hat Process Automation 7",
          "vendor": "Red Hat"
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Red Hat would like to thank Axel Flamcourt for reporting this issue."
        }
      ],
      "datePublic": "2024-04-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Important"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T13:47:13.836Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:1860",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1860"
        },
        {
          "name": "RHSA-2024:1861",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1861"
        },
        {
          "name": "RHSA-2024:1862",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1862"
        },
        {
          "name": "RHSA-2024:1864",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1864"
        },
        {
          "name": "RHSA-2024:1866",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1866"
        },
        {
          "name": "RHSA-2024:1867",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1867"
        },
        {
          "name": "RHSA-2024:1868",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1868"
        },
        {
          "name": "RHSA-2024:2945",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2945"
        },
        {
          "name": "RHSA-2024:3752",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3752"
        },
        {
          "name": "RHSA-2024:3762",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3762"
        },
        {
          "name": "RHSA-2024:3919",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3919"
        },
        {
          "name": "RHSA-2024:3989",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:3989"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2024-1132"
        },
        {
          "name": "RHBZ#2262117",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262117"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2024-01-31T00:00:00+00:00",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2024-04-16T00:00:00+00:00",
          "value": "Made public."
        }
      ],
      "title": "Keycloak: path transversal in redirection validation",
      "workarounds": [
        {
          "lang": "en",
          "value": "No current mitigation is available for this vulnerability."
        }
      ],
      "x_generator": {
        "engine": "cvelib 1.8.0"
      },
      "x_redhatCweChain": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2024-1132",
    "datePublished": "2024-04-17T13:21:19.130Z",
    "dateReserved": "2024-01-31T17:07:33.455Z",
    "dateUpdated": "2026-01-16T13:47:13.836Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}