CVE-2024-29371 (GCVE-0-2024-29371)
Vulnerability from cvelistv5 – Published: 2025-12-17 00:00 – Updated: 2026-01-23 19:28
- n/a
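- CWE-1259 - Improper Restriction of Security Token Assignment (assigned by CISA-ADP; the Red Hat CSAF advisory RHSA-2026:13571 on this page classifies the same flaw as CWE-409, Improper Handling of Highly Compressed Data (Data Amplification), which matches the decompression-driven DoS in the description)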
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-29371",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T18:38:20.096134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1259",
"description": "CWE-1259 Improper Restriction of Security Token Assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T18:48:36.126Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-23T19:28:10.386Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-29371",
"datePublished": "2025-12-17T00:00:00.000Z",
"dateReserved": "2024-03-19T00:00:00.000Z",
"dateUpdated": "2026-01-23T19:28:10.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2024-29371",
"date": "2026-06-30",
"epss": "0.00244",
"percentile": "0.15441"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-29371\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-12-17T16:16:04.567\",\"lastModified\":\"2026-06-17T07:22:45.723\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.\"}],\"affected\":[{\"source\":\"cve@mitre.org\",\"affectedData\":[{\"vendor\":\"n/a\",\"product\":\"n/a\",\"versions\":[{\"version\":\"n/a\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2025-12-17T18:38:20.096134Z\",\"id\":\"CVE-2024-29371\",\"options\":[{\"exploitation\":\"poc\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA 
Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-1259\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:jose4j_project:jose4j:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.9.5\",\"matchCriteriaId\":\"DE62FF6D-FC62-42B0-9ED4-76A0C4419975\"}]}]}],\"references\":[{\"url\":\"https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Mitigation\"]},{\"url\":\"https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Mitigation\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-29371\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-12-17T18:38:20.096134Z\"}}}], \"references\": [{\"url\": \"https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack\", \"tags\": [\"exploit\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-1259\", \"description\": \"CWE-1259 Improper Restriction of Security Token Assignment\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-12-17T18:15:31.759Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"n/a\", \"versions\": [{\"status\": \"affected\", \"version\": \"n/a\"}]}], \"references\": [{\"url\": \"https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. 
When this token is processed by the server, it results in significant memory allocation and processing time during decompression.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"text\", \"description\": \"n/a\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2026-01-23T19:28:10.386Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-29371\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-23T19:28:10.386Z\", \"dateReserved\": \"2024-03-19T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-12-17T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
RHSA-2026:13571
Vulnerability from csaf_redhat - Published: 2026-05-04 23:37 - Updated: 2026-07-01 06:03
A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This can lead to a Denial of Service, making the service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix |
A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix<br>Workaround |
A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix<br>Workaround |
A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix<br>Workaround |
A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix |
A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix<br>Workaround |
A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix<br>Workaround |
A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service (DoS), causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby impacting the availability of applications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix |
An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix<br>Workaround |
A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass security controls or access unauthorized information.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix<br>Workaround |
A flaw was found in Netty. A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server's lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume excessive CPU resources. This can render the server unresponsive with minimal bandwidth usage.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix |
A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as Prototype Pollution, can be exploited through a specific "Gadget" attack chain. This allows an attacker to escalate a Prototype Pollution vulnerability in a third-party dependency, potentially leading to remote code execution or a full cloud compromise, such as bypassing AWS IMDSv2.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Streams for Apache Kafka 3.2.0<br>Red Hat / Red Hat OpenShift Enterprise | cpe:/a:redhat:amq_streams:3.2::el9 | — | Vendor Fix<br>fix |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Streams for Apache Kafka 3.2.0 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Streams for Apache Kafka, based on the Apache Kafka project, offers a distributed\nbackbone that allows microservices and other applications to share data with\nextremely high throughput and extremely low latency.\n\nThis release of Red Hat Streams for Apache Kafka 3.2.0 serves as a replacement for Red Hat Streams for Apache Kafka 3.1.0, and includes security and bug fixes, and enhancements.\n\nSecurity Fix(es):\n* Drain Cleaner, Kafka Exporter - Eclipse Vert.x Web static handler file access denial [amq-st-3.2]\"(CVE-2026-1002)\"\n* Drain Cleaner, Kroxylicious - Netty denial of service[amqst-3.2]\"(CVE-2026-33871)\"\n* Drain Cleaner, Kroxylicious - Netty request smuggling attacks[amqst-3.2]\"(CVE-2026-33870)\"\n* Cruise Control - jose4j denial of service [amqst-3.2]\"(CVE-2024-29371)\"\n* Kafka Exporter - golang-github-danielqsj-kafka_exporter: Memory exhaustion in query parameter parsing in net/url [amq-st-3.2]\"(CVE-2025-61726)\"\n* Kafka Exporter - golang-github-danielqsj-kafka_exporter: golang: Denial of Service due to excessive resource consumption via crafted certificate [amq-st-3.2]\"(CVE-2025-61729)\"\n* Kafka Exporter - golang-github-danielqsj-kafka_exporter: Unexpected session resumption in crypto/tls [amqst-3.2]\"(CVE-2025-68121)\"\n* console UI - Next.js Server-Side Request Forgery in Server Actions [amqst-3.2]\"(CVE-2024-34351)\"\n* console UI - com.github.streamshub-console: Next.js: Unbounded next/image disk cache growth can exhaust storage[amqst-3.2]\"(CVE-2026-27980)\"\n* console UI - Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization [amqst-3.2]\"(CVE-2025-62718)\"\n* console UI - React Server Components: Denial of Service via specially crafted HTTP requests [amqst-3.2]\"(CVE-2026-23864)\"\n* console UI - Axios: Remote Code Execution via Prototype Pollution escalation [amqst-3.2]\"(CVE-2026-40175)\"\n* console UI - lodash: Arbitrary code execution via untrusted input in template imports [amqst-3.2]\"(CVE-2026-4800)\"",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:13571",
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "2423194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423194"
},
{
"category": "external",
"summary": "2430180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430180"
},
{
"category": "external",
"summary": "2433059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433059"
},
{
"category": "external",
"summary": "2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "2448509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448509"
},
{
"category": "external",
"summary": "2452453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453"
},
{
"category": "external",
"summary": "2452456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452456"
},
{
"category": "external",
"summary": "2453496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453496"
},
{
"category": "external",
"summary": "2454387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454387"
},
{
"category": "external",
"summary": "2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "2457432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457432"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_13571.json"
}
],
"title": "Red Hat Security Advisory: Streams for Apache Kafka 3.2.0 release and security update",
"tracking": {
"current_release_date": "2026-07-01T06:03:37+00:00",
"generator": {
"date": "2026-07-01T06:03:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:13571",
"initial_release_date": "2026-05-04T23:37:19+00:00",
"revision_history": [
{
"date": "2026-05-04T23:37:19+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-05-04T23:37:19+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T06:03:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Streams for Apache Kafka 3.2.0",
"product": {
"name": "Streams for Apache Kafka 3.2.0",
"product_id": "Streams for Apache Kafka 3.2.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:amq_streams:3.2::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat OpenShift Enterprise"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29371",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-17T16:01:18.173727+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2423194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This can lead to a Denial of Service, making the service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important as it can lead to a Denial of Service in applications that process untrusted JSON Web Encryption tokens. An attacker can craft a malicious JWE token with an exceptionally high compression ratio, causing excessive memory allocation and processing time during decompression in affected components like jose4j. This affects products such as Red Hat AMQ, Enterprise Application Platform (EAP 8.0.z, 8.1.z), Red Hat JBoss Fuse, JBoss Data Grid, OpenShift Developer Tools \u0026 Services, Red Hat build of Apache Camel, Red Hat Integration, Red Hat OpenShift Dev Spaces, Red Hat Process Automation Manager, Red Hat Single Sign-On (RH-SSO), Insights, cloud.redhat.com, and OpenShift Serverless.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29371"
},
{
"category": "external",
"summary": "RHBZ#2423194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29371",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29371"
},
{
"category": "external",
"summary": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack",
"url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack"
}
],
"release_date": "2025-12-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression"
},
{
"cve": "CVE-2024-34351",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"discovery_date": "2026-04-02T15:56:14.719577+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2454387"
}
],
"notes": [
{
"category": "description",
"text": "A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "next: Next.js Server-Side Request Forgery in Server Actions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34351"
},
{
"category": "external",
"summary": "RHBZ#2454387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2454387"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34351",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34351"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34351",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34351"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
"url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/pull/62561",
"url": "https://github.com/vercel/next.js/pull/62561"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"
}
],
"release_date": "2024-05-09T16:14:16.236000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "next: Next.js Server-Side Request Forgery in Server Actions"
},
{
"cve": "CVE-2025-61726",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-01-28T20:01:42.791305+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2434432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted HTTP request containing a massive number of query parameters will cause the application to consume an excessive amount of memory, eventually causing the application to crash or become unresponsive, resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "golang: net/url: Memory exhaustion in query parameter parsing in net/url",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this flaw, an attacker must be able to send a specially crafted HTTP request to an application parsing URL-encoded forms with net/url, specifically a request containing a large number of unique query parameters. The request will cause the application to consume an excessive amount of memory and eventually result in a denial of service, with no impact to confidentiality or integrity. Due to this reason, this vulnerability has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61726"
},
{
"category": "external",
"summary": "RHBZ#2434432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2434432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61726",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61726"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61726"
},
{
"category": "external",
"summary": "https://go.dev/cl/736712",
"url": "https://go.dev/cl/736712"
},
{
"category": "external",
"summary": "https://go.dev/issue/77101",
"url": "https://go.dev/issue/77101"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc",
"url": "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4341",
"url": "https://pkg.go.dev/vuln/GO-2026-4341"
}
],
"release_date": "2026-01-28T19:30:31.215000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
},
{
"category": "workaround",
"details": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url"
},
{
"cve": "CVE-2025-61729",
"cwe": {
"id": "CWE-1050",
"name": "Excessive Platform Resource Consumption within a Loop"
},
"discovery_date": "2025-12-02T20:01:45.330964+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418462"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in golang. A remote attacker could exploit this vulnerability by providing a specially crafted certificate during the error string construction process within the `HostnameError.Error()` function. This flaw, caused by unbounded string concatenation, leads to excessive resource consumption. Successful exploitation can result in a denial of service (DoS) for the affected system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-61729"
},
{
"category": "external",
"summary": "RHBZ#2418462",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418462"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-61729",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-61729"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61729"
},
{
"category": "external",
"summary": "https://go.dev/cl/725920",
"url": "https://go.dev/cl/725920"
},
{
"category": "external",
"summary": "https://go.dev/issue/76445",
"url": "https://go.dev/issue/76445"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4",
"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-4155",
"url": "https://pkg.go.dev/vuln/GO-2025-4155"
}
],
"release_date": "2025-12-02T18:54:10.166000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate"
},
{
"cve": "CVE-2025-62718",
"cwe": {
"id": "CWE-1289",
"name": "Improper Validation of Unsafe Equivalence in Input"
},
"discovery_date": "2026-04-09T15:01:48.111177+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2456913"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability occurs because Axios does not correctly handle hostname normalization when evaluating NO_PROXY rules. An attacker can exploit this by crafting requests to loopback addresses (e.g., localhost. or [::1]) which bypass the NO_PROXY configuration and are routed through the configured proxy. This can lead to Server-Side Request Forgery (SSRF) vulnerabilities, enabling attackers to access sensitive internal or loopback services that should otherwise be protected.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw has limited impact due to combination of non-default conditions to exploit: the attacker must be able to control or influence URLs passed to axios in a server-side context, the application must have both `HTTP_PROXY` and `NO_PROXY` configured, and the proxy itself must be positioned to act on the misdirected traffic or have been compromised by the attacker to intercept the rerouted traffic.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-62718"
},
{
"category": "external",
"summary": "RHBZ#2456913",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456913"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-62718",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-62718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62718"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1",
"url": "https://datatracker.ietf.org/doc/html/rfc1034#section-3.1"
},
{
"category": "external",
"summary": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2",
"url": "https://datatracker.ietf.org/doc/html/rfc3986#section-3.2.2"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df",
"url": "https://github.com/axios/axios/commit/fb3befb6daac6cad26b2e54094d0f2d9e47f24df"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10661",
"url": "https://github.com/axios/axios/pull/10661"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5",
"url": "https://github.com/axios/axios/security/advisories/GHSA-3p68-rc4w-qgx5"
}
],
"release_date": "2026-04-09T14:31:46.067000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Server-Side Request Forgery and proxy bypass due to improper hostname normalization"
},
{
"cve": "CVE-2025-68121",
"discovery_date": "2026-02-05T18:01:30.086058+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2437111"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto/tls component. This vulnerability occurs during Transport Layer Security (TLS) session resumption when certificate authority (CA) settings are modified between the initial and resumed handshakes. An attacker could exploit this to bypass certificate validation, allowing a client or server to establish a connection that should have been rejected. This could lead to an authentication bypass under specific conditions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a moderate flaw because it only occurs under specific conditions, such as TLS session resumption with runtime changes to certificate authority settings. Exploitation is not straightforward and requires a controlled setup. The impact is limited to certificate validation within the same component and does not affect system availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-68121"
},
{
"category": "external",
"summary": "RHBZ#2437111",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2437111"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-68121",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-68121"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68121"
},
{
"category": "external",
"summary": "https://go.dev/cl/737700",
"url": "https://go.dev/cl/737700"
},
{
"category": "external",
"summary": "https://go.dev/issue/77217",
"url": "https://go.dev/issue/77217"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk",
"url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2026-4337",
"url": "https://pkg.go.dev/vuln/GO-2026-4337"
}
],
"release_date": "2026-02-05T17:48:44.141000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption"
},
{
"cve": "CVE-2026-1002",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-01-15T21:03:20.088599+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430180"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows a remote attacker to block access to specific static files, such as images, CSS or HTML files. However, the underlying Vert.x server, the API endpoints and other non-cached resources are not affected. Due to this reason, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1002"
},
{
"category": "external",
"summary": "RHBZ#2430180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1002"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5895",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5895"
}
],
"release_date": "2026-01-15T20:50:25.642000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, consider disabling the static handler cache by configuring the StaticHandler instance with setCachingEnabled(false), for example:\n\n~~~\nStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);\n~~~",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files"
},
{
"cve": "CVE-2026-4800",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"discovery_date": "2026-03-31T20:01:21.918257+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2453496"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in lodash. The fix for CVE-2021-23337 added validation for the variable option in _.template but did not apply the same validation to options.imports key names. Both paths flow into the same Function() constructor sink. Additionally, _.template uses assignInWith to merge imports, which enumerates inherited properties via for..in. If Object.prototype has been polluted by any other vector, the polluted keys are copied into the imports object and passed to Function().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: lodash: Arbitrary code execution via untrusted input in template imports",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "In the context of Red Hat Enterprise Linux, the grafana and grafana-pcp packages execute the affected JavaScript entirely client-side within the user\u0027s browser. Consequently, the attack surface is strictly restricted to the local browser environment.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-4800"
},
{
"category": "external",
"summary": "RHBZ#2453496",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2453496"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-4800",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-4800"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4800"
},
{
"category": "external",
"summary": "https://cna.openjsf.org/security-advisories.html",
"url": "https://cna.openjsf.org/security-advisories.html"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm",
"url": "https://github.com/advisories/GHSA-35jh-r3h4-6jhm"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c",
"url": "https://github.com/lodash/lodash/commit/3469357cff396a26c363f8c1b5a91dde28ba4b1c"
}
],
"release_date": "2026-03-31T19:25:55.987000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: lodash: Arbitrary code execution via untrusted input in template imports"
},
{
"cve": "CVE-2026-23864",
"cwe": {
"id": "CWE-1284",
"name": "Improper Validation of Specified Quantity in Input"
},
"discovery_date": "2026-01-26T20:01:54.396535+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433059"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in React Server Components. A remote attacker can exploit this vulnerability by sending specially crafted HTTP requests to Server Function endpoints. This can lead to a Denial of Service (DoS), causing server crashes, out-of-memory exceptions, or excessive CPU usage, thereby impacting the availability of applications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-23864"
},
{
"category": "external",
"summary": "RHBZ#2433059",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433059"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-23864",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-23864"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-23864",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23864"
},
{
"category": "external",
"summary": "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg",
"url": "https://github.com/facebook/react/security/advisories/GHSA-83fc-fqcc-2hmg"
},
{
"category": "external",
"summary": "https://www.facebook.com/security/advisories/cve-2026-23864",
"url": "https://www.facebook.com/security/advisories/cve-2026-23864"
}
],
"release_date": "2026-01-26T19:16:38.250000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "react-server-dom-webpack: react-server-dom-parcel: reactreact-server-dom-turbopack: React Server Components: Denial of Service via specially crafted HTTP requests"
},
{
"cve": "CVE-2026-27980",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-18T01:01:36.393672+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2448509"
}
],
"notes": [
{
"category": "description",
"text": "An unbounded disk usage flaw has been discovered in Next.js. The default Next.js image optimization disk cache (`/_next/image`) did not have a configurable upper bound, allowing unbounded cache growth. An attacker could generate many unique image-optimization variants and exhaust disk space, causing denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-27980"
},
{
"category": "external",
"summary": "RHBZ#2448509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448509"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-27980",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-27980"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-27980",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27980"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd",
"url": "https://github.com/vercel/next.js/commit/39eb8e0ac498b48855a0430fbf4c22276a73b4bd"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/releases/tag/v16.1.7",
"url": "https://github.com/vercel/next.js/releases/tag/v16.1.7"
},
{
"category": "external",
"summary": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8",
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-3x4c-7xq6-9pq8"
}
],
"release_date": "2026-03-18T00:23:34.862000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "next.js: Next.js: Unbounded next/image disk cache growth can exhaust storage"
},
{
"cve": "CVE-2026-33870",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-03-27T21:01:59.865839+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452453"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote attacker could exploit this vulnerability by sending specially crafted HTTP/1.1 chunked transfer encoding extension values. Due to incorrect parsing of quoted strings, this flaw enables request smuggling attacks, potentially allowing an attacker to bypass security controls or access unauthorized information.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33870"
},
{
"category": "external",
"summary": "RHBZ#2452453",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33870",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33870"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8",
"url": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/06/18/funky-chunks.html",
"url": "https://w4ke.info/2025/06/18/funky-chunks.html"
},
{
"category": "external",
"summary": "https://w4ke.info/2025/10/29/funky-chunks-2.html",
"url": "https://w4ke.info/2025/10/29/funky-chunks-2.html"
},
{
"category": "external",
"summary": "https://www.rfc-editor.org/rfc/rfc9110",
"url": "https://www.rfc-editor.org/rfc/rfc9110"
}
],
"release_date": "2026-03-27T19:54:15.586000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values"
},
{
"cve": "CVE-2026-33871",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-03-27T21:02:13.396015+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2452456"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Netty. A remote user can trigger a Denial of Service (DoS) against a Netty HTTP/2 server by sending a flood of CONTINUATION frames. The server\u0027s lack of a limit on these frames, coupled with a bypass of size-based mitigations using zero-byte frames, allows an attacker to consume excessive CPU resources. This can render the server unresponsive with minimal bandwidth usage.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This important vulnerability in Netty HTTP/2 servers allows a remote attacker to cause a Denial of Service by sending a flood of CONTINUATION frames. This can lead to excessive CPU consumption and render the server unresponsive. Red Hat products utilizing affected Netty versions, such as Red Hat AMQ, Enterprise Application Platform, and OpenShift Container Platform components, are impacted if configured to use HTTP/2.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-33871"
},
{
"category": "external",
"summary": "RHBZ#2452456",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452456"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-33871",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-33871"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33871"
},
{
"category": "external",
"summary": "https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv",
"url": "https://github.com/netty/netty/security/advisories/GHSA-w9fj-cfpg-grvv"
}
],
"release_date": "2026-03-27T19:55:23.135000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "netty: Netty: Denial of Service via HTTP/2 CONTINUATION frame flood"
},
{
"cve": "CVE-2026-40175",
"cwe": {
"id": "CWE-915",
"name": "Improperly Controlled Modification of Dynamically-Determined Object Attributes"
},
"discovery_date": "2026-04-10T20:02:10.296601+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2457432"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Axios, a promise-based HTTP client. This vulnerability, known as Prototype Pollution, can be exploited through a specific \"Gadget\" attack chain. This allows an attacker to escalate a Prototype Pollution vulnerability in a third-party dependency, potentially leading to remote code execution or a full cloud compromise, such as bypassing AWS IMDSv2.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "axios: Axios: Remote Code Execution via Prototype Pollution escalation",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The Axios library, a promise-based HTTP client, is susceptible to an Important prototype pollution vulnerability. This flaw, when combined with specific \"Gadget\" attack chains in third-party dependencies, can lead to remote code execution or full cloud compromise, including bypassing AWS IMDSv2.\n \nWith pollution check patch available in Axios gives an advantage, it remains vulnerable due to HTTP Header Sanitation and Server-Side Request Forgery threat.\n\nRed Hat products that incorporate the vulnerable Axios library are affected.\n\nThe openshift4/ose-monitoring-plugin-rhel9 container image is not vulnerable to this flaw. The affected component is used as a build-time dependency but it\u0027s not shipped in the final product, meaning the flaw is not present thus cannot be exploited in the container deployments.\n\nRegarding openshift4/ose-console for Product stream 4.12 and 4.13, the vulnerable component is present (indirect dependency), but the vulnerability is not exploitable in our case due to the browser runtime, where the required Node.js-specific attack vectors are not available. With this, the impact becomes low.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Streams for Apache Kafka 3.2.0"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-40175"
},
{
"category": "external",
"summary": "RHBZ#2457432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457432"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-40175",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-40175"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-40175",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40175"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1",
"url": "https://github.com/axios/axios/commit/363185461b90b1b78845dc8a99a1f103d9b122a1"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/pull/10660",
"url": "https://github.com/axios/axios/pull/10660"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/releases/tag/v1.15.0",
"url": "https://github.com/axios/axios/releases/tag/v1.15.0"
},
{
"category": "external",
"summary": "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx",
"url": "https://github.com/axios/axios/security/advisories/GHSA-fvcv-3m26-pcqx"
}
],
"release_date": "2026-04-10T19:23:52.285000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-05-04T23:37:19+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Streams for Apache Kafka 3.2.0"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:13571"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Streams for Apache Kafka 3.2.0"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "axios: Axios: Remote Code Execution via Prototype Pollution escalation"
}
]
}
RHSA-2026:33371
Vulnerability from csaf_redhat - Published: 2026-06-30 00:13 - Updated: 2026-07-01 00:09
A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This can lead to a Denial of Service, making the service unavailable to legitimate users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src | — |
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Workaround
|
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Workaround
|
A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src | — |
Workaround
|
A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src | — |
Workaround
|
A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.
CWE-400 - Uncontrolled Resource Consumption
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Vendor Fix
fix
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — | ||
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
A flaw was found in the WildFly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, which makes it more susceptible to brute-force attacks through the CLI.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src | — |
Workaround
|
A flaw exists in Angular's template compiler: it fails to classify certain URL-bearing attributes (including SVG and MathML attributes such as href, xlink:href, or the attributeName of SVG animation elements) as requiring strict sanitization. As a result, an attacker who can supply untrusted data that is bound to those attributes may inject a malicious javascript: URL or script that persists (stored XSS) and can execute in the context of the application's origin when rendered.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src | — |
Workaround
|
A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src | — |
Workaround
|
A flaw was found in Vert.x. The cache of the Web static handler component can be manipulated with specially crafted request URIs so that access to static files served by the handler is denied: legitimate users requesting those files receive an HTTP 404 response instead.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src | — |
Workaround
|
A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch | — |
Vendor Fix
fix
Workaround
|
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch | — |
Workaround
|
|
| Unresolved product id: 7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src | — |
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Enterprise Application Platform 7.3 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.3.18 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.3.17, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.3.18 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jose4j: From CVEorg collector (CVE-2024-29371)\n\n* undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF (CVE-2025-12543)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files (CVE-2025-23184)\n\n* undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability (CVE-2025-9784)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:33371",
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index"
},
{
"category": "external",
"summary": "2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "2408784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
},
{
"category": "external",
"summary": "2423194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423194"
},
{
"category": "external",
"summary": "JBEAP-31703",
"url": "https://issues.redhat.com/browse/JBEAP-31703"
},
{
"category": "external",
"summary": "JBEAP-33004",
"url": "https://issues.redhat.com/browse/JBEAP-33004"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33371.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.18 security update",
"tracking": {
"current_release_date": "2026-07-01T00:09:49+00:00",
"generator": {
"date": "2026-07-01T00:09:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:33371",
"initial_release_date": "2026-06-30T00:13:50+00:00",
"revision_history": [
{
"date": "2026-06-30T00:13:50+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-06-30T00:13:50+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T00:09:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product": {
"name": "Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform_eus:7.3::el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"product_id": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-4.SP2_redhat_00004.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"product_id": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-8.SP9_redhat_00001.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"product_id": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-23.Final_redhat_00025.1.el7eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"product": {
"name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"product_id": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.18-3.GA_redhat_00001.1.el7eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf@3.4.10-4.SP2_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-rt@3.4.10-4.SP2_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-services@3.4.10-4.SP2_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product": {
"name": "eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product_id": "eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-apache-cxf-tools@3.4.10-4.SP2_redhat_00004.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-undertow@2.0.41-8.SP9_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-cli@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-core@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap6.4-to-eap7.3@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.0@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.1@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.2-to-eap7.3@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-eap7.3-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.0@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly10.1@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly11.0@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly12.0@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly13.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly14.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly15.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly16.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly17.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly18.0-server@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly8.2@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_id": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-jboss-server-migration-wildfly9.0@1.7.2-23.Final_redhat_00025.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly@7.3.18-3.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk11@7.3.18-3.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-java-jdk8@7.3.18-3.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-javadocs@7.3.18-3.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product": {
"name": "eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product_id": "eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap7-wildfly-modules@7.3.18-3.GA_redhat_00001.1.el7eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src"
},
"product_reference": "eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
},
"product_reference": "eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src"
},
"product_reference": "eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch"
},
"product_reference": "eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src"
},
"product_reference": "eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch as a component of Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server",
"product_id": "7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
},
"product_reference": "eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"relates_to_product_reference": "7Server-JBEAP-7.3-EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29371",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"discovery_date": "2025-12-17T16:01:18.173727+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2423194"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This can lead to a Denial of Service, making the service unavailable to legitimate users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important as it can lead to a Denial of Service in applications that process untrusted JSON Web Encryption tokens. An attacker can craft a malicious JWE token with an exceptionally high compression ratio, causing excessive memory allocation and processing time during decompression in affected components like jose4j. This affects products such as Red Hat AMQ, Enterprise Application Platform (EAP 8.0.z, 8.1.z), Red Hat JBoss Fuse, JBoss Data Grid, OpenShift Developer Tools \u0026 Services, Red Hat build of Apache Camel, Red Hat Integration, Red Hat OpenShift Dev Spaces, Red Hat Process Automation Manager, Red Hat Single Sign-On (RH-SSO), Insights, cloud.redhat.com, and OpenShift Serverless.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-29371"
},
{
"category": "external",
"summary": "RHBZ#2423194",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423194"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-29371",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29371"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29371",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29371"
},
{
"category": "external",
"summary": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack",
"url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack"
}
],
"release_date": "2025-12-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T00:13:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression"
},
{
"cve": "CVE-2025-9784",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-09-01T06:19:20.938000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2392306"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the \"MadeYouReset\" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated with an Important severity. It is simple to exploit because it does not require authentication and could result in a Denial of Service (DoS). While some DoS flaws are classified as Moderate, \u201cMadeYouReset\u201d is Important because of the limited barriers (no specialized tooling or advanced scripting) to exploitation, which directly impacts service availability. The vulnerability arises from an implementation weakness in HTTP/2 stream reset handling \u2014 malformed client requests can trigger server-side resets without incrementing abuse counters, allowing an attacker to bypass built-in request throttling and overhead limits. Since these resets consume CPU and memory resources and can be generated at scale over a single TCP/TLS connection, a remote attacker could exhaust server capacity quickly, impacting all legitimate clients.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-9784"
},
{
"category": "external",
"summary": "RHBZ#2392306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-9784",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-9784"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9784"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/pull/1778",
"url": "https://github.com/undertow-io/undertow/pull/1778"
},
{
"category": "external",
"summary": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final",
"url": "https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final"
},
{
"category": "external",
"summary": "https://issues.redhat.com/browse/UNDERTOW-2598",
"url": "https://issues.redhat.com/browse/UNDERTOW-2598"
},
{
"category": "external",
"summary": "https://kb.cert.org/vuls/id/767506",
"url": "https://kb.cert.org/vuls/id/767506"
}
],
"release_date": "2025-09-01T06:21:54.614000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T00:13:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability"
},
{
"acknowledgments": [
{
"names": [
"Ahmet Artu\u00e7"
]
}
],
"cve": "CVE-2025-12543",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2025-10-31T06:15:35.424000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2408784"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability has an Important severity because it can be remotely exploited without authentication. However, limited user interaction is required for full impact. It could allow attackers to hijack additional accounts, steal credentials, or gain access to internal systems. The issue stems from improper input validation of HTTP Host headers, leading to serious breaches in confidentiality and integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-12543"
},
{
"category": "external",
"summary": "RHBZ#2408784",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408784"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-12543",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-12543"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12543"
}
],
"release_date": "2026-01-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T00:13:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use, applicability, or stability.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF"
},
{
"cve": "CVE-2025-13465",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"discovery_date": "2026-01-21T20:01:28.774829+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2431740"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Lodash. A prototype pollution vulnerability in the _.unset and _.omit functions allows an attacker able to control property paths to delete methods from global prototypes. By removing essential functionalities, this can result in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "lodash: prototype pollution in _.unset and _.omit functions",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is exploitable only in applications that use the _.unset and _.omit functions on an object and allow user input to determine the path of the property to be removed. It allows properties to be deleted but does not allow their behavior to be overwritten, which limits the impact to a denial of service. For this reason, this vulnerability has been rated as having Important severity.\n\nIn Grafana, JavaScript code runs only in the browser, while the server side is written entirely in Golang. Therefore, the worst-case scenario is a loss of functionality in the client application inside the browser. To reflect this, the CVSS availability metric and the severity for the Grafana and Grafana-PCP components have been updated to low and moderate, respectively.\n\nThe lodash dependency is bundled and used by the pcs-web-ui component of the PCS package. In Red Hat Enterprise Linux 8.10, the pcs-web-ui component is no longer included in the PCS package. As a result, RHEL 8.10 does not ship the vulnerable lodash component within PCS and is therefore not affected by this CVE.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13465"
},
{
"category": "external",
"summary": "RHBZ#2431740",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2431740"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13465",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13465"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13465"
},
{
"category": "external",
"summary": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg",
"url": "https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg"
}
],
"release_date": "2026-01-21T19:05:28.846000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T00:13:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"category": "workaround",
"details": "To mitigate this issue, strictly validate any property path before passing it to the _.unset and _.omit functions, so that attempts to access the prototype chain are blocked. For example, ensure that strings such as __proto__, constructor and prototype are blocked.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "lodash: prototype pollution in _.unset and _.omit functions"
},
{
"cve": "CVE-2025-15284",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2025-12-29T23:00:58.541337+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2425946"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in qs, a module used for parsing query strings. A remote attacker can exploit an improper input validation vulnerability by sending specially crafted HTTP requests that use bracket notation (e.g., `a[]=value`). This bypasses the `arrayLimit` option, which is designed to limit the size of parsed arrays and prevent resource exhaustion. Successful exploitation can lead to memory exhaustion, causing a Denial of Service (DoS) where the application crashes or becomes unresponsive, making the service unavailable to users.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "qs: qs: Denial of Service via improper input validation in array parsing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Important for Red Hat products that utilize the `qs` module for parsing query strings, particularly when processing user-controlled input with bracket notation. The `arrayLimit` option, intended to prevent resource exhaustion, is bypassed when bracket notation (`a[]=value`) is used, allowing a remote attacker to cause a denial of service through memory exhaustion. This can lead to application crashes or unresponsiveness, making the service unavailable.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-15284"
},
{
"category": "external",
"summary": "RHBZ#2425946",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2425946"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-15284",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-15284"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15284"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9",
"url": "https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9"
},
{
"category": "external",
"summary": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p",
"url": "https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p"
}
],
"release_date": "2025-12-29T22:56:45.240000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T00:13:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "qs: qs: Denial of Service via improper input validation in array parsing"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-21T10:00:44.959656+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23184"
},
{
"category": "external",
"summary": "RHBZ#2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"release_date": "2025-01-21T09:35:37.468000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T00:13:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
},
{
"acknowledgments": [
{
"names": [
"Claudia Bartolini",
"Marco Ventura",
"Massimiliano Brolli"
],
"organization": "TIM S.p.A"
}
],
"cve": "CVE-2025-23368",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"discovery_date": "2025-01-14T14:56:46.792000+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2337621"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the WildFly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute-force attacks via the CLI.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "According to WildFly Elytron, this affects all versions of JBoss EAP from version 7.1.\nRed Hat build of Keycloak does not ship wildfly-elytron.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23368"
},
{
"category": "external",
"summary": "RHBZ#2337621",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337621"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23368",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23368"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23368",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23368"
},
{
"category": "external",
"summary": "https://www.gruppotim.it/it/footer/red-team.html",
"url": "https://www.gruppotim.it/it/footer/red-team.html"
}
],
"release_date": "2025-03-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T00:13:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"category": "workaround",
"details": "The effectiveness of an attack also depends on the complexity of the usernames and passwords defined for the target installation.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI"
},
{
"cve": "CVE-2025-66412",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-12-01T23:01:21.304427+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2418155"
}
],
"notes": [
{
"category": "description",
"text": "A flaw exists in the template compiler of Angular as it fails to properly classify certain URL-bearing attributes (including SVG and MathML attributes such as href, xlink:href, or the attributeName of SVG animation elements) as requiring strict sanitization. As a result, an attacker who can supply untrusted data bound to those attributes may inject a malicious javascript: URL or script that persists (Stored XSS), which can execute in the context of the application\u0027s origin when rendered.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-66412"
},
{
"category": "external",
"summary": "RHBZ#2418155",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2418155"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-66412",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-66412"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-66412",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-66412"
},
{
"category": "external",
"summary": "https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a",
"url": "https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a"
},
{
"category": "external",
"summary": "https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49",
"url": "https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49"
}
],
"release_date": "2025-12-01T22:35:59.211000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T00:13:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"category": "workaround",
"details": "To mitigate this flaw, manually sanitize user-controlled input, or disable or restrict dynamic SVG/MathML usage where possible.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "angular: Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes"
},
{
"cve": "CVE-2025-69873",
"cwe": {
"id": "CWE-1333",
"name": "Inefficient Regular Expression Complexity"
},
"discovery_date": "2026-02-11T19:01:32.953264+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2439070"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in ajv. When the $data option is enabled, the value of the pattern keyword is passed directly to the JavaScript RegExp() constructor without sufficient validation. An attacker able to supply a malicious regular expression pattern can trigger a ReDoS (Regular Expression Denial of Service), causing the application to become unresponsive and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "ajv: ReDoS via $data reference",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "To exploit this issue, the $data option must be enabled and the attacker must be able to send a payload containing a specially crafted regular expression to the application processing the input. A 31-character payload causes approximately 44 seconds of execution, with each additional character doubling the execution time. Therefore, even a small payload can make an application unresponsive and eventually result in a denial of service. For this reason, this flaw has been rated with an important severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-69873"
},
{
"category": "external",
"summary": "RHBZ#2439070",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439070"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-69873",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-69873"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-69873"
},
{
"category": "external",
"summary": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md",
"url": "https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md"
}
],
"release_date": "2026-02-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T00:13:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"category": "workaround",
"details": "To mitigate this issue, disable the $data feature if your application does not require it. If $data must be used, implement strict validation of the input fields that are referenced by the pattern keyword to ensure they contain only expected and safe characters.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "ajv: ReDoS via $data reference"
},
{
"cve": "CVE-2026-1002",
"cwe": {
"id": "CWE-444",
"name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
},
"discovery_date": "2026-01-15T21:03:20.088599+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2430180"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vert.x. The Web static handler component cache can be manipulated with specially crafted request URIs to deny access to static files served by the handler, so that legitimate users requesting those files receive an HTTP 404 response.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability allows a remote attacker to block access to specific static files, such as images, CSS or HTML files. However, the underlying Vert.x server, the API endpoints and other non-cached resources are not affected. For this reason, this issue has been rated with a moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-1002"
},
{
"category": "external",
"summary": "RHBZ#2430180",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2430180"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-1002",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-1002"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1002"
},
{
"category": "external",
"summary": "https://github.com/eclipse-vertx/vert.x/pull/5895",
"url": "https://github.com/eclipse-vertx/vert.x/pull/5895"
}
],
"release_date": "2026-01-15T20:50:25.642000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T00:13:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, consider disabling the static handler cache by configuring the StaticHandler instance with setCachingEnabled(false), for example:\n\n~~~\nStaticHandler staticHandler = StaticHandler.create().setCachingEnabled(false);\n~~~",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files"
},
{
"cve": "CVE-2026-24842",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"discovery_date": "2026-01-28T01:01:16.886629+00:00",
"flags": [
{
"label": "vulnerable_code_not_present",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
}
],
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2433645"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in node-tar, a Node.js module for handling TAR archives. This vulnerability allows a remote attacker to bypass path traversal protections by crafting a malicious TAR archive. The security check for hardlink entries uses different path resolution logic than the actual hardlink creation, enabling the attacker to create hardlinks to arbitrary files outside the intended extraction directory. This could lead to unauthorized information disclosure or further system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is an IMPORTANT vulnerability in node-tar, a Node.js module for handling TAR archives. The flaw allows an attacker to bypass path traversal protections by crafting a malicious TAR archive. This could lead to the creation of hardlinks to arbitrary files outside the intended extraction directory, potentially resulting in unauthorized information disclosure or further system compromise in affected Red Hat products utilizing node-tar for archive processing.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"known_not_affected": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-24842"
},
{
"category": "external",
"summary": "RHBZ#2433645",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433645"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-24842",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24842"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24842"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46",
"url": "https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46"
},
{
"category": "external",
"summary": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v",
"url": "https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v"
}
],
"release_date": "2026-01-28T00:20:13.261000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-06-30T00:13:50+00:00",
"details": "Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:33371"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"products": [
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-0:3.4.10-4.SP2_redhat_00004.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-rt-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-services-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-apache-cxf-tools-0:3.4.10-4.SP2_redhat_00004.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-0:1.7.2-23.Final_redhat_00025.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-cli-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-core-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap6.4-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.2-to-eap7.3-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-eap7.3-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly10.1-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly11.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly12.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly13.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly14.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly15.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly16.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly17.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly18.0-server-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly8.2-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-jboss-server-migration-wildfly9.0-0:1.7.2-23.Final_redhat_00025.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-undertow-0:2.0.41-8.SP9_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-0:7.3.18-3.GA_redhat_00001.1.el7eap.src",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk11-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-java-jdk8-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-javadocs-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch",
"7Server-JBEAP-7.3-EUS:eap7-wildfly-modules-0:7.3.18-3.GA_redhat_00001.1.el7eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check"
}
]
}
SUSE-SU-2026:1010-1
Vulnerability from csaf_suse - Published: 2026-03-25 10:10 - Updated: 2026-03-25 10:10

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-attestation-image-5.0.7-6.34.5.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-image-5.0.7-7.37.12.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-migration-14-16-image-5.0.7-7.30.7.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-attestation-image-5.0.7-6.34.5.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image-5.0.7-6.30.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-image-5.0.7-7.37.12.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-migration-14-16-image-5.0.7-7.30.7.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-attestation-image-5.0.7-6.34.5.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-hub-xmlrpc-api-image-5.0.7-6.30.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-image-5.0.7-7.37.12.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-migration-14-16-image-5.0.7-7.30.7.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-attestation-image-5.0.7-6.34.5.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-image-5.0.7-7.37.12.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-migration-14-16-image-5.0.7-7.30.7.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update 5.0.7 for Multi-Linux Manager Server",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nbranch-network-formula:\n\n- Update to version 1.1.0 \n * Enable containers on SLE15SP7\n * Exclude podman interfaces from sysctl setting\n\ncobbler:\n\n- Compatibility fixes for tftpboot directory setup\n\ninter-server-sync:\n\n- Version 0.3.10-0\n * Write log to a rotated file without rsyslog and logrotate\n * Recreate cobbler entries on the import (bsc#1220899)\n * remove support for 4.2 file based pillars\n * use correct hostname detection for 5.x servers\n (bsc#1253322)\n\njose4j:\n\n- CVE-2024-29371: Safeguard against excessive resource utilization by\n restricting the size of data during JWE payload decompression (bsc#1255298)\n\nliberate-formula:\n\n- Version 0.1.2\n * Add option to prevent logo packages from being installed \n\nspacecmd:\n\n- Version 5.0.15-0\n * Fix typo in spacecmd help ca-cert flag (bsc#1253174)\n * Convert cached IDs to int (bsc#1251995)\n * Fix spacecmd binary file upload (bsc#1253659)\n\nspacewalk-backend:\n\n- Version 5.0.17-0\n * Fix reposync mediaproduct fetch when\n URL contains auth token (bsc#1252388)\n\nspacewalk-certs-tools:\n\n- Version 5.0.13-0\n * Fix bootstrap script for SLM 6.2 (bsc#1257992)\n * Fix failing bootstrap with bootstrap script on SLES 16\n and SL Micro 6.2 (bsc#1256991)\n\nspacewalk-client-tools:\n\n- Version 5.0.12-0\n * Update translation strings\n\nspacewalk-config:\n\n- Version 5.0.9-0\n * Enable HSTS in Apache config (bsc#1255176)\n * Force SameSite=Lax on all Set-Cookie headers (bsc#1253711)\n\nspacewalk-java:\n\n- Version 5.0.31-0\n * Commit DB changes before refreshing pillar for SSH push minions\n (bsc#1253712)\n * Fix http proxy verification (bsc#1253501)\n * Fix: Broken URL in API docs (bsc#1244177)\n * Fix crash in ubuntu errata sync on deleted channel ids\n (bsc#1250561)\n * Fix dnf updateinfo showing wrong severity for\n security updates (bsc#1252937)\n * Add details on config channels and state order in UI\n (bsc#1253285)\n * fix reposync 
crashing at metadata generation (bsc#1257538)\n * Block multiple versions of the same package\n from being locked (bsc#1246315)\n * Use PackageEvr instead of string for fix_version (bsc#1252638)\n * Add multi-thread support for message queue (bsc#1247722)\n * Fix ungrouped systems list menu item (bsc#1254251)\n\nspacewalk-proxy:\n\n- Version 5.0.8-0\n * Disable listing the content of /icons (bsc#1247544)\n\nspacewalk-proxy-installer:\n\n- Version 5.0.3-0\n * Configure squid replacement policy properly before cache dir\n (bsc#1253773)\n\nspacewalk-web:\n\n- Version 5.0.26-0\n * Update web UI dependencies\n * Add details on config channels and state order in UI\n (bsc#1253285)\n\nsusemanager:\n\n- Version 5.0.17-0\n * Fix the product ids of client tools channels\n * Fixed the package name to correct one (bsc#1255089)\n\nsusemanager-build-keys:\n\n- Add openSUSE Backports for SUSE Linux 16 key (bsc#1257255)\n\nsusemanager-docs_en:\n\n- Updated the screenshots in multiple sections in Installation and Upgrade Guide\n- Reformatted storage-scripts table to use plain paragraphs instead of bullet\n lists to fix po4a extraction issue causing missing bullets in CJK translations\n- Added a warning for all instances where mgradm upgrade podman is used\n- Added section about container-based Kiwi image build support to Administration\n guide (bsc#1251865)\n- Included global GPG decryption for pillar data in specialized guide\n (bsc#1255743)\n- CIS removed from list of supported OpenSCAP profiles\n- Changes example for the third-party repository GPG keys (bsc#1255857)\n- Added SLE16 and openSUSE Leap 16 as supported clients\n- Explained how to generate the proxy certificates on a peripheral server\n (bsc#1249425)\n- Improved procedure formatting for better clarity in Administration Guide\n (bsc#1253660)\n- Added links to man pages for createrepo_c and reprepro to Administration\n Guide (bsc#1237181)\n- Added missing options to command example in Installation and Upgrade Guide\n 
(bsc#1252908)\n- Added non-SUSE URLs to requirements in Installation and Upgrade Guide\n (bsc#1252665)\n- Fixed typo for command options in Reference Guide (bsc#1253174)\n- Added additional step for client deletion in Client Configuration Guide\n (bsc#1253249)\n- Clarified server config option for spacecmd in Reference Guide (bsc#1253197)\n- Changed the installation instructions to use product instead of packages\n (bsc#1249041) \n\nsusemanager-schema:\n\n- Version 5.0.18-0\n * Refactor oval related tables (bsc#1252638)\n * Increase size of column \u0027context\u0027 on tables\n \u0027suseappstream\u0027 and \u0027suseserverappstream\u0027 (bsc#1255653)\n * Add leftovers of partially missing ARMHF for Debian (bsc#1248783)\n\nsusemanager-sls:\n\n- Version 5.0.21-0\n * Fix error on shutdown for sles 12 (bsc#1255634)\n * Fix bootstrap for SLM 6.2 and newer (bsc#1257992)\n * Make mgr_events salt engine non-blocking on reading events\n * Avoid losing the events on DB connection issues (bsc#1252098)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1010,SUSE-SUSE-Manager-Proxy-5.0-2026-1010,SUSE-SUSE-Manager-Retail-Branch-Server-5.0-2026-1010,SUSE-SUSE-Manager-Server-5.0-2026-1010",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1010-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1010-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261010-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1010-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024920.html"
},
{
"category": "self",
"summary": "SUSE Bug 1220899",
"url": "https://bugzilla.suse.com/1220899"
},
{
"category": "self",
"summary": "SUSE Bug 1237181",
"url": "https://bugzilla.suse.com/1237181"
},
{
"category": "self",
"summary": "SUSE Bug 1244177",
"url": "https://bugzilla.suse.com/1244177"
},
{
"category": "self",
"summary": "SUSE Bug 1246315",
"url": "https://bugzilla.suse.com/1246315"
},
{
"category": "self",
"summary": "SUSE Bug 1247544",
"url": "https://bugzilla.suse.com/1247544"
},
{
"category": "self",
"summary": "SUSE Bug 1247722",
"url": "https://bugzilla.suse.com/1247722"
},
{
"category": "self",
"summary": "SUSE Bug 1248783",
"url": "https://bugzilla.suse.com/1248783"
},
{
"category": "self",
"summary": "SUSE Bug 1249041",
"url": "https://bugzilla.suse.com/1249041"
},
{
"category": "self",
"summary": "SUSE Bug 1249425",
"url": "https://bugzilla.suse.com/1249425"
},
{
"category": "self",
"summary": "SUSE Bug 1250561",
"url": "https://bugzilla.suse.com/1250561"
},
{
"category": "self",
"summary": "SUSE Bug 1251865",
"url": "https://bugzilla.suse.com/1251865"
},
{
"category": "self",
"summary": "SUSE Bug 1251995",
"url": "https://bugzilla.suse.com/1251995"
},
{
"category": "self",
"summary": "SUSE Bug 1252098",
"url": "https://bugzilla.suse.com/1252098"
},
{
"category": "self",
"summary": "SUSE Bug 1252388",
"url": "https://bugzilla.suse.com/1252388"
},
{
"category": "self",
"summary": "SUSE Bug 1252638",
"url": "https://bugzilla.suse.com/1252638"
},
{
"category": "self",
"summary": "SUSE Bug 1252665",
"url": "https://bugzilla.suse.com/1252665"
},
{
"category": "self",
"summary": "SUSE Bug 1252908",
"url": "https://bugzilla.suse.com/1252908"
},
{
"category": "self",
"summary": "SUSE Bug 1252937",
"url": "https://bugzilla.suse.com/1252937"
},
{
"category": "self",
"summary": "SUSE Bug 1253174",
"url": "https://bugzilla.suse.com/1253174"
},
{
"category": "self",
"summary": "SUSE Bug 1253197",
"url": "https://bugzilla.suse.com/1253197"
},
{
"category": "self",
"summary": "SUSE Bug 1253249",
"url": "https://bugzilla.suse.com/1253249"
},
{
"category": "self",
"summary": "SUSE Bug 1253285",
"url": "https://bugzilla.suse.com/1253285"
},
{
"category": "self",
"summary": "SUSE Bug 1253322",
"url": "https://bugzilla.suse.com/1253322"
},
{
"category": "self",
"summary": "SUSE Bug 1253501",
"url": "https://bugzilla.suse.com/1253501"
},
{
"category": "self",
"summary": "SUSE Bug 1253659",
"url": "https://bugzilla.suse.com/1253659"
},
{
"category": "self",
"summary": "SUSE Bug 1253660",
"url": "https://bugzilla.suse.com/1253660"
},
{
"category": "self",
"summary": "SUSE Bug 1253711",
"url": "https://bugzilla.suse.com/1253711"
},
{
"category": "self",
"summary": "SUSE Bug 1253712",
"url": "https://bugzilla.suse.com/1253712"
},
{
"category": "self",
"summary": "SUSE Bug 1253773",
"url": "https://bugzilla.suse.com/1253773"
},
{
"category": "self",
"summary": "SUSE Bug 1254251",
"url": "https://bugzilla.suse.com/1254251"
},
{
"category": "self",
"summary": "SUSE Bug 1255089",
"url": "https://bugzilla.suse.com/1255089"
},
{
"category": "self",
"summary": "SUSE Bug 1255176",
"url": "https://bugzilla.suse.com/1255176"
},
{
"category": "self",
"summary": "SUSE Bug 1255298",
"url": "https://bugzilla.suse.com/1255298"
},
{
"category": "self",
"summary": "SUSE Bug 1255634",
"url": "https://bugzilla.suse.com/1255634"
},
{
"category": "self",
"summary": "SUSE Bug 1255653",
"url": "https://bugzilla.suse.com/1255653"
},
{
"category": "self",
"summary": "SUSE Bug 1255743",
"url": "https://bugzilla.suse.com/1255743"
},
{
"category": "self",
"summary": "SUSE Bug 1255857",
"url": "https://bugzilla.suse.com/1255857"
},
{
"category": "self",
"summary": "SUSE Bug 1256991",
"url": "https://bugzilla.suse.com/1256991"
},
{
"category": "self",
"summary": "SUSE Bug 1257255",
"url": "https://bugzilla.suse.com/1257255"
},
{
"category": "self",
"summary": "SUSE Bug 1257538",
"url": "https://bugzilla.suse.com/1257538"
},
{
"category": "self",
"summary": "SUSE Bug 1257992",
"url": "https://bugzilla.suse.com/1257992"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2024-29371 page",
"url": "https://www.suse.com/security/cve/CVE-2024-29371/"
}
],
"title": "Security update 5.0.7 for Multi-Linux Manager Server",
"tracking": {
"current_release_date": "2026-03-25T10:10:02Z",
"generator": {
"date": "2026-03-25T10:10:02Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1010-1",
"initial_release_date": "2026-03-25T10:10:02Z",
"revision_history": [
{
"date": "2026-03-25T10:10:02Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64",
"product": {
"name": "suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64",
"product_id": "suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64",
"product": {
"name": "suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64",
"product_id": "suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64",
"product": {
"name": "suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64",
"product_id": "suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64",
"product": {
"name": "suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64",
"product_id": "suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64",
"product": {
"name": "suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64",
"product_id": "suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-aarch64-server-attestation-image-5.0.7-6.34.5.aarch64",
"product": {
"name": "suse-manager-5.0-aarch64-server-attestation-image-5.0.7-6.34.5.aarch64",
"product_id": "suse-manager-5.0-aarch64-server-attestation-image-5.0.7-6.34.5.aarch64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.aarch64",
"product": {
"name": "suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.aarch64",
"product_id": "suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.aarch64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-aarch64-server-image-5.0.7-7.37.12.aarch64",
"product": {
"name": "suse-manager-5.0-aarch64-server-image-5.0.7-7.37.12.aarch64",
"product_id": "suse-manager-5.0-aarch64-server-image-5.0.7-7.37.12.aarch64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-aarch64-server-migration-14-16-image-5.0.7-7.30.7.aarch64",
"product": {
"name": "suse-manager-5.0-aarch64-server-migration-14-16-image-5.0.7-7.30.7.aarch64",
"product_id": "suse-manager-5.0-aarch64-server-migration-14-16-image-5.0.7-7.30.7.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le",
"product": {
"name": "suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le",
"product_id": "suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le",
"product": {
"name": "suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le",
"product_id": "suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le",
"product": {
"name": "suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le",
"product_id": "suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le",
"product": {
"name": "suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le",
"product_id": "suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le",
"product": {
"name": "suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le",
"product_id": "suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-ppc64le-server-attestation-image-5.0.7-6.34.5.ppc64le",
"product": {
"name": "suse-manager-5.0-ppc64le-server-attestation-image-5.0.7-6.34.5.ppc64le",
"product_id": "suse-manager-5.0-ppc64le-server-attestation-image-5.0.7-6.34.5.ppc64le"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image-5.0.7-6.30.7.ppc64le",
"product": {
"name": "suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image-5.0.7-6.30.7.ppc64le",
"product_id": "suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image-5.0.7-6.30.7.ppc64le"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-ppc64le-server-image-5.0.7-7.37.12.ppc64le",
"product": {
"name": "suse-manager-5.0-ppc64le-server-image-5.0.7-7.37.12.ppc64le",
"product_id": "suse-manager-5.0-ppc64le-server-image-5.0.7-7.37.12.ppc64le"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-ppc64le-server-migration-14-16-image-5.0.7-7.30.7.ppc64le",
"product": {
"name": "suse-manager-5.0-ppc64le-server-migration-14-16-image-5.0.7-7.30.7.ppc64le",
"product_id": "suse-manager-5.0-ppc64le-server-migration-14-16-image-5.0.7-7.30.7.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x",
"product": {
"name": "suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x",
"product_id": "suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x",
"product": {
"name": "suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x",
"product_id": "suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x",
"product": {
"name": "suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x",
"product_id": "suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x",
"product": {
"name": "suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x",
"product_id": "suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x",
"product": {
"name": "suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x",
"product_id": "suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-s390x-server-attestation-image-5.0.7-6.34.5.s390x",
"product": {
"name": "suse-manager-5.0-s390x-server-attestation-image-5.0.7-6.34.5.s390x",
"product_id": "suse-manager-5.0-s390x-server-attestation-image-5.0.7-6.34.5.s390x"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-s390x-server-hub-xmlrpc-api-image-5.0.7-6.30.7.s390x",
"product": {
"name": "suse-manager-5.0-s390x-server-hub-xmlrpc-api-image-5.0.7-6.30.7.s390x",
"product_id": "suse-manager-5.0-s390x-server-hub-xmlrpc-api-image-5.0.7-6.30.7.s390x"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-s390x-server-image-5.0.7-7.37.12.s390x",
"product": {
"name": "suse-manager-5.0-s390x-server-image-5.0.7-7.37.12.s390x",
"product_id": "suse-manager-5.0-s390x-server-image-5.0.7-7.37.12.s390x"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-s390x-server-migration-14-16-image-5.0.7-7.30.7.s390x",
"product": {
"name": "suse-manager-5.0-s390x-server-migration-14-16-image-5.0.7-7.30.7.s390x",
"product_id": "suse-manager-5.0-s390x-server-migration-14-16-image-5.0.7-7.30.7.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64",
"product": {
"name": "suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64",
"product_id": "suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64",
"product": {
"name": "suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64",
"product_id": "suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64",
"product": {
"name": "suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64",
"product_id": "suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64",
"product": {
"name": "suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64",
"product_id": "suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64",
"product": {
"name": "suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64",
"product_id": "suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-x86_64-server-attestation-image-5.0.7-6.34.5.x86_64",
"product": {
"name": "suse-manager-5.0-x86_64-server-attestation-image-5.0.7-6.34.5.x86_64",
"product_id": "suse-manager-5.0-x86_64-server-attestation-image-5.0.7-6.34.5.x86_64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.x86_64",
"product": {
"name": "suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.x86_64",
"product_id": "suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.x86_64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-x86_64-server-image-5.0.7-7.37.12.x86_64",
"product": {
"name": "suse-manager-5.0-x86_64-server-image-5.0.7-7.37.12.x86_64",
"product_id": "suse-manager-5.0-x86_64-server-image-5.0.7-7.37.12.x86_64"
}
},
{
"category": "product_version",
"name": "suse-manager-5.0-x86_64-server-migration-14-16-image-5.0.7-7.30.7.x86_64",
"product": {
"name": "suse-manager-5.0-x86_64-server-migration-14-16-image-5.0.7-7.30.7.x86_64",
"product_id": "suse-manager-5.0-x86_64-server-migration-14-16-image-5.0.7-7.30.7.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy 5.0",
"product": {
"name": "SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:5.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server Extension 5.0",
"product": {
"name": "SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0"
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 5.0",
"product": {
"name": "SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:5.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64 as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64 as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64 as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64 as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64 as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x"
},
"product_reference": "suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x"
},
"product_reference": "suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x"
},
"product_reference": "suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x"
},
"product_reference": "suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x"
},
"product_reference": "suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64 as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64 as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64 as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64 as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64 as component of SUSE Manager Proxy 5.0",
"product_id": "SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64 as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64 as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64 as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64 as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64 as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x"
},
"product_reference": "suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x"
},
"product_reference": "suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x"
},
"product_reference": "suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x"
},
"product_reference": "suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x"
},
"product_reference": "suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64 as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64 as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64 as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64 as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64 as component of SUSE Manager Retail Branch Server Extension 5.0",
"product_id": "SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server Extension 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-server-attestation-image-5.0.7-6.34.5.aarch64 as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-attestation-image-5.0.7-6.34.5.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-server-attestation-image-5.0.7-6.34.5.aarch64",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.aarch64 as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.aarch64",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-server-image-5.0.7-7.37.12.aarch64 as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-image-5.0.7-7.37.12.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-server-image-5.0.7-7.37.12.aarch64",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-aarch64-server-migration-14-16-image-5.0.7-7.30.7.aarch64 as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-migration-14-16-image-5.0.7-7.30.7.aarch64"
},
"product_reference": "suse-manager-5.0-aarch64-server-migration-14-16-image-5.0.7-7.30.7.aarch64",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-server-attestation-image-5.0.7-6.34.5.ppc64le as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-attestation-image-5.0.7-6.34.5.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-server-attestation-image-5.0.7-6.34.5.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image-5.0.7-6.30.7.ppc64le as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image-5.0.7-6.30.7.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image-5.0.7-6.30.7.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-server-image-5.0.7-7.37.12.ppc64le as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-image-5.0.7-7.37.12.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-server-image-5.0.7-7.37.12.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-ppc64le-server-migration-14-16-image-5.0.7-7.30.7.ppc64le as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-migration-14-16-image-5.0.7-7.30.7.ppc64le"
},
"product_reference": "suse-manager-5.0-ppc64le-server-migration-14-16-image-5.0.7-7.30.7.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-server-attestation-image-5.0.7-6.34.5.s390x as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-attestation-image-5.0.7-6.34.5.s390x"
},
"product_reference": "suse-manager-5.0-s390x-server-attestation-image-5.0.7-6.34.5.s390x",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-server-hub-xmlrpc-api-image-5.0.7-6.30.7.s390x as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-hub-xmlrpc-api-image-5.0.7-6.30.7.s390x"
},
"product_reference": "suse-manager-5.0-s390x-server-hub-xmlrpc-api-image-5.0.7-6.30.7.s390x",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-server-image-5.0.7-7.37.12.s390x as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-image-5.0.7-7.37.12.s390x"
},
"product_reference": "suse-manager-5.0-s390x-server-image-5.0.7-7.37.12.s390x",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-s390x-server-migration-14-16-image-5.0.7-7.30.7.s390x as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-migration-14-16-image-5.0.7-7.30.7.s390x"
},
"product_reference": "suse-manager-5.0-s390x-server-migration-14-16-image-5.0.7-7.30.7.s390x",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-server-attestation-image-5.0.7-6.34.5.x86_64 as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-attestation-image-5.0.7-6.34.5.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-server-attestation-image-5.0.7-6.34.5.x86_64",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.x86_64 as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.x86_64",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-server-image-5.0.7-7.37.12.x86_64 as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-image-5.0.7-7.37.12.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-server-image-5.0.7-7.37.12.x86_64",
"relates_to_product_reference": "SUSE Manager Server 5.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "suse-manager-5.0-x86_64-server-migration-14-16-image-5.0.7-7.30.7.x86_64 as component of SUSE Manager Server 5.0",
"product_id": "SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-migration-14-16-image-5.0.7-7.30.7.x86_64"
},
"product_reference": "suse-manager-5.0-x86_64-server-migration-14-16-image-5.0.7-7.30.7.x86_64",
"relates_to_product_reference": "SUSE Manager Server 5.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2024-29371"
}
],
"notes": [
{
"category": "general",
"text": "In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-attestation-image-5.0.7-6.34.5.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-image-5.0.7-7.37.12.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-migration-14-16-image-5.0.7-7.30.7.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-attestation-image-5.0.7-6.34.5.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image-5.0.7-6.30.7.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-image-5.0.7-7.37.12.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-migration-14-16-image-5.0.7-7.30.7.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-attestation-image-5.0.7-6.34.5.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-hub-xmlrpc-api-image-5.0.7-6.30.7.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-image-5.0.7-7.37.12.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-migration-14-16-image-5.0.7-7.30.7.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-attestation-image-5.0.7-6.34.5.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-image-5.0.7-7.37.12.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-migration-14-16-image-5.0.7-7.30.7.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2024-29371",
"url": "https://www.suse.com/security/cve/CVE-2024-29371"
},
{
"category": "external",
"summary": "SUSE Bug 1255298 for CVE-2024-29371",
"url": "https://bugzilla.suse.com/1255298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-attestation-image-5.0.7-6.34.5.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-image-5.0.7-7.37.12.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-migration-14-16-image-5.0.7-7.30.7.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-attestation-image-5.0.7-6.34.5.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image-5.0.7-6.30.7.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-image-5.0.7-7.37.12.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-migration-14-16-image-5.0.7-7.30.7.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-attestation-image-5.0.7-6.34.5.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-hub-xmlrpc-api-image-5.0.7-6.30.7.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-image-5.0.7-7.37.12.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-migration-14-16-image-5.0.7-7.30.7.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-attestation-image-5.0.7-6.34.5.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-image-5.0.7-7.37.12.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-migration-14-16-image-5.0.7-7.30.7.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Proxy 5.0:suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-httpd-image-5.0.7-7.30.13.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-salt-broker-image-5.0.7-7.32.15.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-squid-image-5.0.7-7.30.6.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-ssh-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-aarch64-proxy-tftpd-image-5.0.7-7.30.5.aarch64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-httpd-image-5.0.7-7.30.13.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-salt-broker-image-5.0.7-7.32.15.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-squid-image-5.0.7-7.30.6.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-ssh-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-ppc64le-proxy-tftpd-image-5.0.7-7.30.5.ppc64le",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-httpd-image-5.0.7-7.30.13.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-salt-broker-image-5.0.7-7.32.15.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-squid-image-5.0.7-7.30.6.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-ssh-image-5.0.7-7.30.5.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-s390x-proxy-tftpd-image-5.0.7-7.30.5.s390x",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-httpd-image-5.0.7-7.30.13.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-salt-broker-image-5.0.7-7.32.15.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-squid-image-5.0.7-7.30.6.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-ssh-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Retail Branch Server Extension 5.0:suse-manager-5.0-x86_64-proxy-tftpd-image-5.0.7-7.30.5.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-attestation-image-5.0.7-6.34.5.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-image-5.0.7-7.37.12.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-aarch64-server-migration-14-16-image-5.0.7-7.30.7.aarch64",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-attestation-image-5.0.7-6.34.5.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-hub-xmlrpc-api-image-5.0.7-6.30.7.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-image-5.0.7-7.37.12.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-ppc64le-server-migration-14-16-image-5.0.7-7.30.7.ppc64le",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-attestation-image-5.0.7-6.34.5.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-hub-xmlrpc-api-image-5.0.7-6.30.7.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-image-5.0.7-7.37.12.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-s390x-server-migration-14-16-image-5.0.7-7.30.7.s390x",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-attestation-image-5.0.7-6.34.5.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-hub-xmlrpc-api-image-5.0.7-6.30.7.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-image-5.0.7-7.37.12.x86_64",
"SUSE Manager Server 5.0:suse-manager-5.0-x86_64-server-migration-14-16-image-5.0.7-7.30.7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-25T10:10:02Z",
"details": "important"
}
],
"title": "CVE-2024-29371"
}
]
}
WID-SEC-W-2026-0517
Vulnerability from csaf_certbund - Published: 2026-02-25 23:00 - Updated: 2026-05-28 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Operational Decision Manager 8.11.1.0
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.11.1.0
|
8.11.1.0 | |
|
IBM TXSeries Multiplatforms
IBM / TXSeries
|
cpe:/a:ibm:txseries:multiplatforms
|
Multiplatforms | |
|
IBM Operational Decision Manager 9.0.0.1
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:9.0.0.1
|
9.0.0.1 | |
|
IBM Operational Decision Manager 9.5.0.1
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:9.5.0.1
|
9.5.0.1 | |
|
IBM Rational ClearQuest 10.0-10.0.8
IBM / Rational ClearQuest
|
cpe:/a:ibm:rational_clearquest:10.0_-_10.0.8
|
10.0-10.0.8 | |
|
IBM WebSphere Application Server <8.5.5.29 PH69757
IBM / WebSphere Application Server
|
<8.5.5.29 PH69757 | ||
|
IBM Rational ClearQuest 9.1-9.1.0.9
IBM / Rational ClearQuest
|
cpe:/a:ibm:rational_clearquest:9.1_-_9.1.0.9
|
9.1-9.1.0.9 | |
|
IBM WebSphere Application Server Liberty <26.0.0.2 PH69729
IBM / WebSphere Application Server
|
Liberty <26.0.0.2 PH69729 | ||
|
IBM Business Automation Workflow 24.0.0
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:24.0.0
|
24.0.0 | |
|
IBM WebSphere Service Registry and Repository
IBM
|
cpe:/a:ibm:websphere_service_registry_and_repository:-
|
— | |
|
IBM Tivoli Network Manager
IBM
|
cpe:/a:ibm:tivoli_network_manager:-
|
— | |
|
IBM WebSphere Application Server <9.0.5.26 PH69757
IBM / WebSphere Application Server
|
<9.0.5.26 PH69757 | ||
|
IBM Business Automation Workflow 25.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:25.0.1
|
25.0.1 | |
|
IBM Business Automation Workflow 25.0.0
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:25.0.0
|
25.0.0 | |
|
IBM Business Automation Workflow 24.0.1
IBM / Business Automation Workflow
|
cpe:/a:ibm:business_automation_workflow:24.0.1
|
24.0.1 | |
|
IBM Tivoli Monitoring 6.3.0.7
IBM / Tivoli Monitoring
|
cpe:/a:ibm:tivoli_monitoring:6.3.0.7
|
6.3.0.7 | |
|
IBM MQ
IBM
|
cpe:/a:ibm:mq:-
|
— | |
|
IBM Operational Decision Manager 8.11.0.1
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.11.0.1
|
8.11.0.1 | |
|
IBM Operational Decision Manager 8.12.0.1
IBM / Operational Decision Manager
|
cpe:/a:ibm:operational_decision_manager:8.12.0.1
|
8.12.0.1 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM WebSphere Application Server ist ein J2EE-Applikationsserver.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM WebSphere Application Server und WebSphere Application Server Liberty ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0517 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0517.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0517 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0517"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7261794 vom 2026-02-25",
"url": "https://www.ibm.com/support/pages/node/7261794"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7261927 vom 2026-02-26",
"url": "https://www.ibm.com/support/pages/node/7261927"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7263094 vom 2026-03-10",
"url": "https://www.ibm.com/support/pages/node/7263094"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7263211 vom 2026-03-11",
"url": "https://www.ibm.com/support/pages/node/7263211"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7269254 vom 2026-04-13",
"url": "https://www.ibm.com/support/pages/node/7269254"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7270273 vom 2026-04-21",
"url": "https://www.ibm.com/support/pages/node/7270273"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271937 vom 2026-05-07",
"url": "https://www.ibm.com/support/pages/node/7271937"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7272823 vom 2026-05-13",
"url": "https://www.ibm.com/support/pages/node/7272823"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274314 vom 2026-05-28",
"url": "https://www.ibm.com/support/pages/node/7274314"
}
],
"source_lang": "en-US",
"title": "IBM WebSphere Application Server und WebSphere Application Server Liberty: Schwachstelle erm\u00f6glicht Denial of Service",
"tracking": {
"current_release_date": "2026-05-28T22:00:00.000+00:00",
"generator": {
"date": "2026-05-29T07:40:41.810+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-0517",
"initial_release_date": "2026-02-25T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-02-25T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-03-10T23:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-03-11T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-04-12T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-04-20T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-07T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-14T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-28T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "24.0.0",
"product": {
"name": "IBM Business Automation Workflow 24.0.0",
"product_id": "T036570",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0"
}
}
},
{
"category": "product_version",
"name": "24.0.1",
"product": {
"name": "IBM Business Automation Workflow 24.0.1",
"product_id": "T049760",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.1"
}
}
},
{
"category": "product_version",
"name": "25.0.0",
"product": {
"name": "IBM Business Automation Workflow 25.0.0",
"product_id": "T049761",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:25.0.0"
}
}
},
{
"category": "product_version",
"name": "25.0.1",
"product": {
"name": "IBM Business Automation Workflow 25.0.1",
"product_id": "T049762",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:25.0.1"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
},
{
"category": "product_name",
"name": "IBM MQ",
"product": {
"name": "IBM MQ",
"product_id": "T021398",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:mq:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "8.11.1.0",
"product": {
"name": "IBM Operational Decision Manager 8.11.1.0",
"product_id": "06578EE6-A586-4789-BE88-3E269B0868D5",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.11.1.0"
}
}
},
{
"category": "product_version",
"name": "9.0.0.1",
"product": {
"name": "IBM Operational Decision Manager 9.0.0.1",
"product_id": "07A5E294-8A94-42D5-B418-207BAE046F8E",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:9.0.0.1"
}
}
},
{
"category": "product_version",
"name": "8.11.0.1",
"product": {
"name": "IBM Operational Decision Manager 8.11.0.1",
"product_id": "1587022",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.11.0.1"
}
}
},
{
"category": "product_version",
"name": "8.12.0.1",
"product": {
"name": "IBM Operational Decision Manager 8.12.0.1",
"product_id": "1587024",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:8.12.0.1"
}
}
},
{
"category": "product_version",
"name": "9.5.0.1",
"product": {
"name": "IBM Operational Decision Manager 9.5.0.1",
"product_id": "T050692",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:operational_decision_manager:9.5.0.1"
}
}
}
],
"category": "product_name",
"name": "Operational Decision Manager"
},
{
"branches": [
{
"category": "product_version",
"name": "9.1-9.1.0.9",
"product": {
"name": "IBM Rational ClearQuest 9.1-9.1.0.9",
"product_id": "T051277",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearquest:9.1_-_9.1.0.9"
}
}
},
{
"category": "product_version",
"name": "10.0-10.0.8",
"product": {
"name": "IBM Rational ClearQuest 10.0-10.0.8",
"product_id": "T051278",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:rational_clearquest:10.0_-_10.0.8"
}
}
}
],
"category": "product_name",
"name": "Rational ClearQuest"
},
{
"branches": [
{
"category": "product_version",
"name": "Multiplatforms",
"product": {
"name": "IBM TXSeries Multiplatforms",
"product_id": "T045090",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:txseries:multiplatforms"
}
}
}
],
"category": "product_name",
"name": "TXSeries"
},
{
"branches": [
{
"category": "product_version",
"name": "6.3.0.7",
"product": {
"name": "IBM Tivoli Monitoring 6.3.0.7",
"product_id": "342008",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_monitoring:6.3.0.7"
}
}
}
],
"category": "product_name",
"name": "Tivoli Monitoring"
},
{
"category": "product_name",
"name": "IBM Tivoli Network Manager",
"product": {
"name": "IBM Tivoli Network Manager",
"product_id": "T046989",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c9.0.5.26 PH69757",
"product": {
"name": "IBM WebSphere Application Server \u003c9.0.5.26 PH69757",
"product_id": "T051209"
}
},
{
"category": "product_version",
"name": "9.0.5.26 PH69757",
"product": {
"name": "IBM WebSphere Application Server 9.0.5.26 PH69757",
"product_id": "T051209-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:9.0.5.26_ph69757"
}
}
},
{
"category": "product_version_range",
"name": "Liberty \u003c26.0.0.2 PH69729",
"product": {
"name": "IBM WebSphere Application Server Liberty \u003c26.0.0.2 PH69729",
"product_id": "T051211"
}
},
{
"category": "product_version",
"name": "Liberty 26.0.0.2 PH69729",
"product": {
"name": "IBM WebSphere Application Server Liberty 26.0.0.2 PH69729",
"product_id": "T051211-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:liberty__26.0.0.2_ph69729"
}
}
},
{
"category": "product_version_range",
"name": "\u003c8.5.5.29 PH69757",
"product": {
"name": "IBM WebSphere Application Server \u003c8.5.5.29 PH69757",
"product_id": "T051212"
}
},
{
"category": "product_version",
"name": "8.5.5.29 PH69757",
"product": {
"name": "IBM WebSphere Application Server 8.5.5.29 PH69757",
"product_id": "T051212-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_application_server:8.5.5.29_ph69757"
}
}
}
],
"category": "product_name",
"name": "WebSphere Application Server"
},
{
"category": "product_name",
"name": "IBM WebSphere Service Registry and Repository",
"product": {
"name": "IBM WebSphere Service Registry and Repository",
"product_id": "T048917",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:websphere_service_registry_and_repository:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-29371",
"product_status": {
"known_affected": [
"06578EE6-A586-4789-BE88-3E269B0868D5",
"T045090",
"07A5E294-8A94-42D5-B418-207BAE046F8E",
"T050692",
"T051278",
"T051212",
"T051277",
"T051211",
"T036570",
"T048917",
"T046989",
"T051209",
"T049762",
"T049761",
"T049760",
"342008",
"T021398",
"1587022",
"1587024"
]
},
"release_date": "2026-02-25T23:00:00.000+00:00",
"title": "CVE-2024-29371"
}
]
}
WID-SEC-W-2026-1210
Vulnerability from csaf_certbund - Published: 2026-04-21 22:00 - Updated: 2026-04-21 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Oracle Siebel CRM <=26.1
Oracle / Siebel CRM
|
<=26.1 | ||
|
Oracle Siebel CRM <=26.2
Oracle / Siebel CRM
|
<=26.2 | ||
|
Oracle Siebel CRM <=25.11
Oracle / Siebel CRM
|
<=25.11 |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Siebel CRM ist eine CRM-L\u00f6sung von Oracle.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Siebel CRM ausnutzen, um die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1210 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1210.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1210 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1210"
},
{
"category": "external",
"summary": "Oracle Critical Patch Update Advisory - April 2026 - Appendix Oracle Siebel CRM vom 2026-04-21",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html#AppendixSECR"
}
],
"source_lang": "en-US",
"title": "Oracle Siebel CRM: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-04-21T22:00:00.000+00:00",
"generator": {
"date": "2026-04-22T09:04:47.548+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-1210",
"initial_release_date": "2026-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=25.11",
"product": {
"name": "Oracle Siebel CRM \u003c=25.11",
"product_id": "T050156"
}
},
{
"category": "product_version_range",
"name": "\u003c=25.11",
"product": {
"name": "Oracle Siebel CRM \u003c=25.11",
"product_id": "T050156-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=26.2",
"product": {
"name": "Oracle Siebel CRM \u003c=26.2",
"product_id": "T053115"
}
},
{
"category": "product_version_range",
"name": "\u003c=26.2",
"product": {
"name": "Oracle Siebel CRM \u003c=26.2",
"product_id": "T053115-fixed"
}
},
{
"category": "product_version_range",
"name": "\u003c=26.1",
"product": {
"name": "Oracle Siebel CRM \u003c=26.1",
"product_id": "T053116"
}
},
{
"category": "product_version_range",
"name": "\u003c=26.1",
"product": {
"name": "Oracle Siebel CRM \u003c=26.1",
"product_id": "T053116-fixed"
}
}
],
"category": "product_name",
"name": "Siebel CRM"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45688",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2022-45688"
},
{
"cve": "CVE-2023-1436",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2023-1436"
},
{
"cve": "CVE-2023-26464",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2023-26464"
},
{
"cve": "CVE-2024-29371",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2024-29371"
},
{
"cve": "CVE-2024-36124",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2024-36124"
},
{
"cve": "CVE-2025-13601",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-13601"
},
{
"cve": "CVE-2025-27817",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-48924",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-58057",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-68161",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2025-69223",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-69223"
},
{
"cve": "CVE-2025-7962",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-7962"
},
{
"cve": "CVE-2025-8869",
"product_status": {
"last_affected": [
"T053116",
"T053115",
"T050156"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-8869"
}
]
}
WID-SEC-W-2026-1229
Vulnerability from csaf_certbund - Published: 2026-04-21 22:00 - Updated: 2026-05-25 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Atlassian Jira Service Management <10.3.19
Atlassian / Jira
|
Service Management <10.3.19 | ||
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
Atlassian Bitbucket <10.2.2
Atlassian / Bitbucket
|
<10.2.2 | ||
|
Atlassian Jira Service Management <11.3.4
Atlassian / Jira
|
Service Management <11.3.4 | ||
|
Atlassian Jira <11.3.4
Atlassian / Jira
|
<11.3.4 | ||
|
Atlassian Jira <10.3.19
Atlassian / Jira
|
<10.3.19 | ||
|
Red Hat OpenShift Container Platform release 4.21.17
Red Hat / OpenShift
|
cpe:/a:redhat:openshift:container_platform_release_4.21.17
|
Container Platform release 4.21.17 | |
|
Atlassian Bamboo <12.1.6
Atlassian / Bamboo
|
<12.1.6 | ||
|
Atlassian Confluence <9.2.19
Atlassian / Confluence
|
<9.2.19 | ||
|
Atlassian Bamboo <10.2.18
Atlassian / Bamboo
|
<10.2.18 | ||
|
Atlassian Confluence <10.2.10
Atlassian / Confluence
|
<10.2.10 | ||
|
IBM App Connect Enterprise
IBM
|
cpe:/a:ibm:app_connect_enterprise:-
|
— | |
|
Atlassian Bitbucket <9.4.19
Atlassian / Bitbucket
|
<9.4.19 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Atlassian Jira Service Management <10.3.19<br>Atlassian / Jira | | Service Management <10.3.19 | |
| Red Hat Enterprise Linux<br>Red Hat | cpe:/o:redhat:enterprise_linux:- | — | |
| Atlassian Bitbucket <10.2.2<br>Atlassian / Bitbucket | | <10.2.2 | |
| Atlassian Jira Service Management <11.3.4<br>Atlassian / Jira | | Service Management <11.3.4 | |
| Atlassian Jira <11.3.4<br>Atlassian / Jira | | <11.3.4 | |
| Atlassian Jira <10.3.19<br>Atlassian / Jira | | <10.3.19 | |
| Red Hat OpenShift Container Platform release 4.21.17<br>Red Hat / OpenShift | cpe:/a:redhat:openshift:container_platform_release_4.21.17 | Container Platform release 4.21.17 | |
| Atlassian Bamboo <12.1.6<br>Atlassian / Bamboo | | <12.1.6 | |
| Atlassian Confluence <9.2.19<br>Atlassian / Confluence | | <9.2.19 | |
| Atlassian Bamboo <10.2.18<br>Atlassian / Bamboo | | <10.2.18 | |
| Atlassian Confluence <10.2.10<br>Atlassian / Confluence | | <10.2.10 | |
| IBM App Connect Enterprise<br>IBM | cpe:/a:ibm:app_connect_enterprise:- | — | |
| Atlassian Bitbucket <9.4.19<br>Atlassian / Bitbucket | | <9.4.19 | |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira ausnutzen, um beliebigen Programmcode auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, Daten zu manipulieren oder offenzulegen oder Cross-Site-Scripting-Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1229 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1229.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1229 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1229"
},
{
"category": "external",
"summary": "Atlassian Security Bulletin - April 21 2026 vom 2026-04-21",
"url": "https://confluence.atlassian.com/security/security-bulletin-april-21-2026-1770913890.html"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10209 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10209"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10205 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10205"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10215 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10215"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10206 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10206"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10204 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10204"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10211 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10211"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10214 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10214"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10213 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10213"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:10201 vom 2026-04-23",
"url": "https://access.redhat.com/errata/RHSA-2026:10201"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:11070 vom 2026-04-28",
"url": "https://access.redhat.com/errata/RHSA-2026:11070"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7271910 vom 2026-05-06",
"url": "https://www.ibm.com/support/pages/node/7271910"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:20034 vom 2026-05-26",
"url": "https://access.redhat.com/errata/RHSA-2026:20034"
}
],
"source_lang": "en-US",
"title": "Atlassian Bamboo, Bitbucket, Confluence, Jira: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-25T22:00:00.000+00:00",
"generator": {
"date": "2026-05-26T12:16:36.572+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1229",
"initial_release_date": "2026-04-21T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-23T22:00:00.000+00:00",
"number": "2",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-04-27T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Red Hat aufgenommen"
},
{
"date": "2026-05-06T22:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
},
{
"date": "2026-05-25T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von Red Hat aufgenommen"
}
],
"status": "final",
"version": "5"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c12.1.6",
"product": {
"name": "Atlassian Bamboo \u003c12.1.6",
"product_id": "T053202"
}
},
{
"category": "product_version",
"name": "12.1.6",
"product": {
"name": "Atlassian Bamboo 12.1.6",
"product_id": "T053202-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:12.1.6"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.2.18",
"product": {
"name": "Atlassian Bamboo \u003c10.2.18",
"product_id": "T053203"
}
},
{
"category": "product_version",
"name": "10.2.18",
"product": {
"name": "Atlassian Bamboo 10.2.18",
"product_id": "T053203-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bamboo:10.2.18"
}
}
}
],
"category": "product_name",
"name": "Bamboo"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.2.2",
"product": {
"name": "Atlassian Bitbucket \u003c10.2.2",
"product_id": "T053207"
}
},
{
"category": "product_version",
"name": "10.2.2",
"product": {
"name": "Atlassian Bitbucket 10.2.2",
"product_id": "T053207-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:10.2.2"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.4.19",
"product": {
"name": "Atlassian Bitbucket \u003c9.4.19",
"product_id": "T053209"
}
},
{
"category": "product_version",
"name": "9.4.19",
"product": {
"name": "Atlassian Bitbucket 9.4.19",
"product_id": "T053209-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:bitbucket:9.4.19"
}
}
}
],
"category": "product_name",
"name": "Bitbucket"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.2.10",
"product": {
"name": "Atlassian Confluence \u003c10.2.10",
"product_id": "T053211"
}
},
{
"category": "product_version",
"name": "10.2.10",
"product": {
"name": "Atlassian Confluence 10.2.10",
"product_id": "T053211-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:10.2.10"
}
}
},
{
"category": "product_version_range",
"name": "\u003c9.2.19",
"product": {
"name": "Atlassian Confluence \u003c9.2.19",
"product_id": "T053213"
}
},
{
"category": "product_version",
"name": "9.2.19",
"product": {
"name": "Atlassian Confluence 9.2.19",
"product_id": "T053213-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:confluence:9.2.19"
}
}
}
],
"category": "product_name",
"name": "Confluence"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c11.3.4",
"product": {
"name": "Atlassian Jira \u003c11.3.4",
"product_id": "T053215"
}
},
{
"category": "product_version",
"name": "11.3.4",
"product": {
"name": "Atlassian Jira 11.3.4",
"product_id": "T053215-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:11.3.4"
}
}
},
{
"category": "product_version_range",
"name": "\u003c10.3.19",
"product": {
"name": "Atlassian Jira \u003c10.3.19",
"product_id": "T053216"
}
},
{
"category": "product_version",
"name": "10.3.19",
"product": {
"name": "Atlassian Jira 10.3.19",
"product_id": "T053216-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:10.3.19"
}
}
},
{
"category": "product_version_range",
"name": "Service Management \u003c11.3.4",
"product": {
"name": "Atlassian Jira Service Management \u003c11.3.4",
"product_id": "T053218"
}
},
{
"category": "product_version",
"name": "Service Management 11.3.4",
"product": {
"name": "Atlassian Jira Service Management 11.3.4",
"product_id": "T053218-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:service_management__11.3.4"
}
}
},
{
"category": "product_version_range",
"name": "Service Management \u003c10.3.19",
"product": {
"name": "Atlassian Jira Service Management \u003c10.3.19",
"product_id": "T053221"
}
},
{
"category": "product_version",
"name": "Service Management 10.3.19",
"product": {
"name": "Atlassian Jira Service Management 10.3.19",
"product_id": "T053221-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:atlassian:jira:service_management__10.3.19"
}
}
}
],
"category": "product_name",
"name": "Jira"
}
],
"category": "vendor",
"name": "Atlassian"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM App Connect Enterprise",
"product": {
"name": "IBM App Connect Enterprise",
"product_id": "T052517",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:app_connect_enterprise:-"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
},
{
"branches": [
{
"category": "product_version",
"name": "Container Platform release 4.21.17",
"product": {
"name": "Red Hat OpenShift Container Platform release 4.21.17",
"product_id": "T054688",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:openshift:container_platform_release_4.21.17"
}
}
}
],
"category": "product_name",
"name": "OpenShift"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-0341",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2021-0341"
},
{
"cve": "CVE-2021-31597",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2021-31597"
},
{
"cve": "CVE-2022-1471",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2022-1471"
},
{
"cve": "CVE-2022-25927",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2022-25927"
},
{
"cve": "CVE-2023-1370",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2023-1370"
},
{
"cve": "CVE-2023-3635",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2023-3635"
},
{
"cve": "CVE-2023-48631",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2023-48631"
},
{
"cve": "CVE-2024-29371",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2024-29371"
},
{
"cve": "CVE-2024-45801",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2024-45801"
},
{
"cve": "CVE-2024-47875",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2024-47875"
},
{
"cve": "CVE-2025-48734",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-66020",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2025-66020"
},
{
"cve": "CVE-2026-21571",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-21571"
},
{
"cve": "CVE-2026-22029",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-22029"
},
{
"cve": "CVE-2026-23745",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-23745"
},
{
"cve": "CVE-2026-23950",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-23950"
},
{
"cve": "CVE-2026-24734",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-24734"
},
{
"cve": "CVE-2026-24842",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-24842"
},
{
"cve": "CVE-2026-24880",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-24880"
},
{
"cve": "CVE-2026-25547",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-25547"
},
{
"cve": "CVE-2026-25639",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-25639"
},
{
"cve": "CVE-2026-26960",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-26960"
},
{
"cve": "CVE-2026-29063",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-29063"
},
{
"cve": "CVE-2026-31802",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-31802"
},
{
"cve": "CVE-2026-33870",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33870"
},
{
"cve": "CVE-2026-33871",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-33871"
},
{
"cve": "CVE-2026-34487",
"product_status": {
"known_affected": [
"T053221",
"67646",
"T053207",
"T053218",
"T053215",
"T053216",
"T054688",
"T053202",
"T053213",
"T053203",
"T053211",
"T052517",
"T053209"
]
},
"release_date": "2026-04-21T22:00:00.000+00:00",
"title": "CVE-2026-34487"
}
]
}
WID-SEC-W-2026-1687
Vulnerability from csaf_certbund - Published: 2026-05-26 22:00 - Updated: 2026-05-26 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM License Metric Tool 9.2
IBM / License Metric Tool
|
cpe:/a:ibm:license_metric_tool:9.2
|
9.2 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das IBM License Metric Tool dient der Lizenzverwaltung f\u00fcr IBM Produkte.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in IBM License Metric Tool ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- Sonstiges\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1687 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1687.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1687 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1687"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7273983 vom 2026-05-26",
"url": "https://www.ibm.com/support/pages/node/7273983"
}
],
"source_lang": "en-US",
"title": "IBM License Metric Tool: Mehrere Schwachstellen erm\u00f6glichen nicht spezifizierten Angriff",
"tracking": {
"current_release_date": "2026-05-26T22:00:00.000+00:00",
"generator": {
"date": "2026-05-27T11:20:42.217+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1687",
"initial_release_date": "2026-05-26T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-26T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "9.2",
"product": {
"name": "IBM License Metric Tool 9.2",
"product_id": "T031605",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:license_metric_tool:9.2"
}
}
}
],
"category": "product_name",
"name": "License Metric Tool"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-26141",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2024-26141"
},
{
"cve": "CVE-2024-29371",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2024-29371"
},
{
"cve": "CVE-2024-34459",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2024-34459"
},
{
"cve": "CVE-2025-14917",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2025-14917"
},
{
"cve": "CVE-2025-14923",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2025-14923"
},
{
"cve": "CVE-2025-62718",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2025-62718"
},
{
"cve": "CVE-2025-6490",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2025-6490"
},
{
"cve": "CVE-2026-0636",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-0636"
},
{
"cve": "CVE-2026-1561",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-1561"
},
{
"cve": "CVE-2026-22007",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22007"
},
{
"cve": "CVE-2026-22008",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22008"
},
{
"cve": "CVE-2026-22013",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22013"
},
{
"cve": "CVE-2026-22016",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22016"
},
{
"cve": "CVE-2026-22018",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22018"
},
{
"cve": "CVE-2026-22021",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-22021"
},
{
"cve": "CVE-2026-23865",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-23865"
},
{
"cve": "CVE-2026-23907",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-23907"
},
{
"cve": "CVE-2026-26961",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-26961"
},
{
"cve": "CVE-2026-33168",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33168"
},
{
"cve": "CVE-2026-33169",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33169"
},
{
"cve": "CVE-2026-33170",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33170"
},
{
"cve": "CVE-2026-33173",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33173"
},
{
"cve": "CVE-2026-33174",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33174"
},
{
"cve": "CVE-2026-33176",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33176"
},
{
"cve": "CVE-2026-33195",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33195"
},
{
"cve": "CVE-2026-33202",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33202"
},
{
"cve": "CVE-2026-33929",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-33929"
},
{
"cve": "CVE-2026-34230",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34230"
},
{
"cve": "CVE-2026-34268",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34268"
},
{
"cve": "CVE-2026-34282",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34282"
},
{
"cve": "CVE-2026-34763",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34763"
},
{
"cve": "CVE-2026-34785",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34785"
},
{
"cve": "CVE-2026-34786",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34786"
},
{
"cve": "CVE-2026-34826",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34826"
},
{
"cve": "CVE-2026-34829",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34829"
},
{
"cve": "CVE-2026-34830",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34830"
},
{
"cve": "CVE-2026-34831",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-34831"
},
{
"cve": "CVE-2026-35611",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-35611"
},
{
"cve": "CVE-2026-42033",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42033"
},
{
"cve": "CVE-2026-42034",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42034"
},
{
"cve": "CVE-2026-42035",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42035"
},
{
"cve": "CVE-2026-42036",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42036"
},
{
"cve": "CVE-2026-42037",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42037"
},
{
"cve": "CVE-2026-42038",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42038"
},
{
"cve": "CVE-2026-42039",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42039"
},
{
"cve": "CVE-2026-42040",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42040"
},
{
"cve": "CVE-2026-42041",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42041"
},
{
"cve": "CVE-2026-42042",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42042"
},
{
"cve": "CVE-2026-42043",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42043"
},
{
"cve": "CVE-2026-42044",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42044"
},
{
"cve": "CVE-2026-42264",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-42264"
},
{
"cve": "CVE-2026-5588",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-5588"
},
{
"cve": "CVE-2026-6918",
"product_status": {
"known_affected": [
"T031605"
]
},
"release_date": "2026-05-26T22:00:00.000+00:00",
"title": "CVE-2026-6918"
}
]
}
WID-SEC-W-2026-1752
Vulnerability from csaf_certbund - Published: 2026-05-31 22:00 - Updated: 2026-05-31 22:00

| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <24.0.0-IF009
IBM / Business Automation Workflow
|
<24.0.0-IF009 | ||
|
IBM Business Automation Workflow <24.0.1-IF007
IBM / Business Automation Workflow
|
<24.0.1-IF007 | ||
|
IBM Business Automation Workflow <25.0.0-IF005
IBM / Business Automation Workflow
|
<25.0.0-IF005 | ||
|
IBM Business Automation Workflow <25.0.1-IF001
IBM / Business Automation Workflow
|
<25.0.1-IF001 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <24.0.0-IF009
IBM / Business Automation Workflow
|
<24.0.0-IF009 | ||
|
IBM Business Automation Workflow <24.0.1-IF007
IBM / Business Automation Workflow
|
<24.0.1-IF007 | ||
|
IBM Business Automation Workflow <25.0.0-IF005
IBM / Business Automation Workflow
|
<25.0.0-IF005 | ||
|
IBM Business Automation Workflow <25.0.1-IF001
IBM / Business Automation Workflow
|
<25.0.1-IF001 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <24.0.0-IF009
IBM / Business Automation Workflow
|
<24.0.0-IF009 | ||
|
IBM Business Automation Workflow <24.0.1-IF007
IBM / Business Automation Workflow
|
<24.0.1-IF007 | ||
|
IBM Business Automation Workflow <25.0.0-IF005
IBM / Business Automation Workflow
|
<25.0.0-IF005 | ||
|
IBM Business Automation Workflow <25.0.1-IF001
IBM / Business Automation Workflow
|
<25.0.1-IF001 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <24.0.0-IF009
IBM / Business Automation Workflow
|
<24.0.0-IF009 | ||
|
IBM Business Automation Workflow <24.0.1-IF007
IBM / Business Automation Workflow
|
<24.0.1-IF007 | ||
|
IBM Business Automation Workflow <25.0.0-IF005
IBM / Business Automation Workflow
|
<25.0.0-IF005 | ||
|
IBM Business Automation Workflow <25.0.1-IF001
IBM / Business Automation Workflow
|
<25.0.1-IF001 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <24.0.0-IF009
IBM / Business Automation Workflow
|
<24.0.0-IF009 | ||
|
IBM Business Automation Workflow <24.0.1-IF007
IBM / Business Automation Workflow
|
<24.0.1-IF007 | ||
|
IBM Business Automation Workflow <25.0.0-IF005
IBM / Business Automation Workflow
|
<25.0.0-IF005 | ||
|
IBM Business Automation Workflow <25.0.1-IF001
IBM / Business Automation Workflow
|
<25.0.1-IF001 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <24.0.0-IF009
IBM / Business Automation Workflow
|
<24.0.0-IF009 | ||
|
IBM Business Automation Workflow <24.0.1-IF007
IBM / Business Automation Workflow
|
<24.0.1-IF007 | ||
|
IBM Business Automation Workflow <25.0.0-IF005
IBM / Business Automation Workflow
|
<25.0.0-IF005 | ||
|
IBM Business Automation Workflow <25.0.1-IF001
IBM / Business Automation Workflow
|
<25.0.1-IF001 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <24.0.0-IF009
IBM / Business Automation Workflow
|
<24.0.0-IF009 | ||
|
IBM Business Automation Workflow <24.0.1-IF007
IBM / Business Automation Workflow
|
<24.0.1-IF007 | ||
|
IBM Business Automation Workflow <25.0.0-IF005
IBM / Business Automation Workflow
|
<25.0.0-IF005 | ||
|
IBM Business Automation Workflow <25.0.1-IF001
IBM / Business Automation Workflow
|
<25.0.1-IF001 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <24.0.0-IF009
IBM / Business Automation Workflow
|
<24.0.0-IF009 | ||
|
IBM Business Automation Workflow <24.0.1-IF007
IBM / Business Automation Workflow
|
<24.0.1-IF007 | ||
|
IBM Business Automation Workflow <25.0.0-IF005
IBM / Business Automation Workflow
|
<25.0.0-IF005 | ||
|
IBM Business Automation Workflow <25.0.1-IF001
IBM / Business Automation Workflow
|
<25.0.1-IF001 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <24.0.0-IF009
IBM / Business Automation Workflow
|
<24.0.0-IF009 | ||
|
IBM Business Automation Workflow <24.0.1-IF007
IBM / Business Automation Workflow
|
<24.0.1-IF007 | ||
|
IBM Business Automation Workflow <25.0.0-IF005
IBM / Business Automation Workflow
|
<25.0.0-IF005 | ||
|
IBM Business Automation Workflow <25.0.1-IF001
IBM / Business Automation Workflow
|
<25.0.1-IF001 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
IBM Business Automation Workflow <24.0.0-IF009
IBM / Business Automation Workflow
|
<24.0.0-IF009 | ||
|
IBM Business Automation Workflow <24.0.1-IF007
IBM / Business Automation Workflow
|
<24.0.1-IF007 | ||
|
IBM Business Automation Workflow <25.0.0-IF005
IBM / Business Automation Workflow
|
<25.0.0-IF005 | ||
|
IBM Business Automation Workflow <25.0.1-IF001
IBM / Business Automation Workflow
|
<25.0.1-IF001 |
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "IBM Business Automation Workflow ist eine L\u00f6sung zur Automatisierung von Arbeitsabl\u00e4ufen.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen in IBM Business Automation Workflow ausnutzen, um Sicherheitsvorkehrungen zu umgehen, um einen Denial of Service Angriff durchzuf\u00fchren, um Informationen offenzulegen, um Dateien zu manipulieren, und um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX\n- Windows",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1752 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1752.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1752 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1752"
},
{
"category": "external",
"summary": "IBM Security Bulletin 7274511 vom 2026-05-31",
"url": "https://www.ibm.com/support/pages/node/7274511"
}
],
"source_lang": "en-US",
"title": "IBM Business Automation Workflow: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-05-31T22:00:00.000+00:00",
"generator": {
"date": "2026-06-01T10:32:25.918+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1752",
"initial_release_date": "2026-05-31T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-05-31T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c25.0.1-IF001",
"product": {
"name": "IBM Business Automation Workflow \u003c25.0.1-IF001",
"product_id": "T054911"
}
},
{
"category": "product_version",
"name": "25.0.1-IF001",
"product": {
"name": "IBM Business Automation Workflow 25.0.1-IF001",
"product_id": "T054911-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:25.0.1-if001"
}
}
},
{
"category": "product_version_range",
"name": "\u003c25.0.0-IF005",
"product": {
"name": "IBM Business Automation Workflow \u003c25.0.0-IF005",
"product_id": "T054912"
}
},
{
"category": "product_version",
"name": "25.0.0-IF005",
"product": {
"name": "IBM Business Automation Workflow 25.0.0-IF005",
"product_id": "T054912-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:25.0.0-if005"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.0.1-IF007",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.1-IF007",
"product_id": "T054913"
}
},
{
"category": "product_version",
"name": "24.0.1-IF007",
"product": {
"name": "IBM Business Automation Workflow 24.0.1-IF007",
"product_id": "T054913-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.1-if007"
}
}
},
{
"category": "product_version_range",
"name": "\u003c24.0.0-IF009",
"product": {
"name": "IBM Business Automation Workflow \u003c24.0.0-IF009",
"product_id": "T054914"
}
},
{
"category": "product_version",
"name": "24.0.0-IF009",
"product": {
"name": "IBM Business Automation Workflow 24.0.0-IF009",
"product_id": "T054914-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:business_automation_workflow:24.0.0-if009"
}
}
}
],
"category": "product_name",
"name": "Business Automation Workflow"
}
],
"category": "vendor",
"name": "IBM"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2011-4969",
"product_status": {
"known_affected": [
"T054914",
"T054913",
"T054912",
"T054911"
]
},
"release_date": "2026-05-31T22:00:00.000+00:00",
"title": "CVE-2011-4969"
},
{
"cve": "CVE-2012-6708",
"product_status": {
"known_affected": [
"T054914",
"T054913",
"T054912",
"T054911"
]
},
"release_date": "2026-05-31T22:00:00.000+00:00",
"title": "CVE-2012-6708"
},
{
"cve": "CVE-2015-9251",
"product_status": {
"known_affected": [
"T054914",
"T054913",
"T054912",
"T054911"
]
},
"release_date": "2026-05-31T22:00:00.000+00:00",
"title": "CVE-2015-9251"
},
{
"cve": "CVE-2019-11358",
"product_status": {
"known_affected": [
"T054914",
"T054913",
"T054912",
"T054911"
]
},
"release_date": "2026-05-31T22:00:00.000+00:00",
"title": "CVE-2019-11358"
},
{
"cve": "CVE-2020-7656",
"product_status": {
"known_affected": [
"T054914",
"T054913",
"T054912",
"T054911"
]
},
"release_date": "2026-05-31T22:00:00.000+00:00",
"title": "CVE-2020-7656"
},
{
"cve": "CVE-2024-29371",
"product_status": {
"known_affected": [
"T054914",
"T054913",
"T054912",
"T054911"
]
},
"release_date": "2026-05-31T22:00:00.000+00:00",
"title": "CVE-2024-29371"
},
{
"cve": "CVE-2025-12183",
"product_status": {
"known_affected": [
"T054914",
"T054913",
"T054912",
"T054911"
]
},
"release_date": "2026-05-31T22:00:00.000+00:00",
"title": "CVE-2025-12183"
},
{
"cve": "CVE-2025-14923",
"product_status": {
"known_affected": [
"T054914",
"T054913",
"T054912",
"T054911"
]
},
"release_date": "2026-05-31T22:00:00.000+00:00",
"title": "CVE-2025-14923"
},
{
"cve": "CVE-2025-66566",
"product_status": {
"known_affected": [
"T054914",
"T054913",
"T054912",
"T054911"
]
},
"release_date": "2026-05-31T22:00:00.000+00:00",
"title": "CVE-2025-66566"
},
{
"cve": "CVE-2026-33186",
"product_status": {
"known_affected": [
"T054914",
"T054913",
"T054912",
"T054911"
]
},
"release_date": "2026-05-31T22:00:00.000+00:00",
"title": "CVE-2026-33186"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.