Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-48734 (GCVE-0-2025-48734)
Vulnerability from cvelistv5 – Published: 2025-05-28 13:32 – Updated: 2026-04-29 03:55
VLAI
EPSS
Title
Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default
Summary
Improper Access Control vulnerability in Apache Commons.
A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.
Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().
Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests.
This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils
1.x are recommended to upgrade to version 1.11.0, which fixes the issue.
Users of the artifact org.apache.commons:commons-beanutils2
2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.
Severity
8.8 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-284 - Improper Access Control
Assigner
References
3 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Apache Software Foundation | Apache Commons BeanUtils 1.x |
Affected:
1.0 , < 1.11.0
(maven)
|
|
| Apache Software Foundation | Apache Commons BeanUtils 2.x |
Affected:
2.0.0-M1 , < 2.0.0-M2
(maven)
|
Credits
Raj (mailto:denesh.raj@zohocorp.com)
Muthukumar Marikani (mailto:muthukumar.marikani@zohocorp.com)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-48734",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-28T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T03:55:27.335Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:04:56.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/05/28/6"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "commons-beanutils:commons-beanutils",
"product": "Apache Commons BeanUtils 1.x",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "1.11.0",
"status": "affected",
"version": "1.0",
"versionType": "maven"
}
]
},
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "org.apache.commons:commons-beanutils2",
"product": "Apache Commons BeanUtils 2.x",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.0.0-M2",
"status": "affected",
"version": "2.0.0-M1",
"versionType": "maven"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Raj (mailto:denesh.raj@zohocorp.com)"
},
{
"lang": "en",
"type": "finder",
"value": "Muthukumar Marikani (mailto:muthukumar.marikani@zohocorp.com)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eImproper Access Control vulnerability in Apache Commons.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003eReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u2019s class loader via the \u201cdeclaredClass\u201d property available on all Java \u201cenum\u201d objects. Accessing the enum\u2019s \u201cdeclaredClass\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\u003cbr\u003eStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \u201cdeclaredClass\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\u003cp\u003e\u003c/p\u003eThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.\u003cp\u003eUsers of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\u003c/p\u003e\u003cp\u003e\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.\n\n\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Improper Access Control vulnerability in Apache Commons.\n\n\n\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\n\n\n\n\n\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u2019s class loader via the \u201cdeclaredClass\u201d property available on all Java \u201cenum\u201d objects. Accessing the enum\u2019s \u201cdeclaredClass\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \u201cdeclaredClass\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\n\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\n\n\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "important"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T13:32:08.300Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2025-48734",
"datePublished": "2025-05-28T13:32:08.300Z",
"dateReserved": "2025-05-23T12:30:32.006Z",
"dateUpdated": "2026-04-29T03:55:27.335Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-48734",
"date": "2026-06-05",
"epss": "0.00258",
"percentile": "0.49502"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-48734\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2025-05-28T14:15:34.070\",\"lastModified\":\"2025-11-03T20:19:07.317\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Access Control vulnerability in Apache Commons.\\n\\n\\n\\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\\n\\n\\n\\n\\n\\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u2019s class loader via the \u201cdeclaredClass\u201d property available on all Java \u201cenum\u201d objects. Accessing the enum\u2019s \u201cdeclaredClass\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \u201cdeclaredClass\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\\n\\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\\n\\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\\n\\n\\nUsers of the artifact org.apache.commons:commons-beanutils2\\n\\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de control de acceso inadecuado en Apache Commons. Se a\u00f1adi\u00f3 una clase especial BeanIntrospector en la versi\u00f3n 1.9.2. Esta permite impedir que los atacantes utilicen la propiedad de clase declarada de los objetos de enumeraci\u00f3n de Java para acceder al cargador de clases. Sin embargo, esta protecci\u00f3n no estaba habilitada por defecto. PropertyUtilsBean (y, en consecuencia, BeanUtilsBean) ahora impide el acceso a las propiedades de clase declaradas por defecto. Las versiones 1.11.0 y 2.0.0-M2 solucionan un posible problema de seguridad al acceder a las propiedades de enumeraci\u00f3n de forma incontrolada. Si una aplicaci\u00f3n que utiliza Commons BeanUtils pasa rutas de propiedades desde una fuente externa directamente al m\u00e9todo getProperty() de PropertyUtilsBean, un atacante puede acceder al cargador de clases de la enumeraci\u00f3n mediante la propiedad \\\"declaredClass\\\", disponible en todos los objetos \\\"enum\\\" de Java. Acceder a la propiedad \\\"declaredClass\\\" de la enumeraci\u00f3n permite a atacantes remotos acceder al cargador de clases y ejecutar c\u00f3digo arbitrario. El mismo problema existe con PropertyUtilsBean.getNestedProperty(). A partir de las versiones 1.11.0 y 2.0.0-M2, un BeanIntrospector especial suprime la propiedad \\\"declaredClass\\\". Tenga en cuenta que este nuevo BeanIntrospector est\u00e1 habilitado por defecto, pero puede deshabilitarlo para recuperar el comportamiento anterior; consulte la secci\u00f3n 2.5 de la gu\u00eda del usuario y las pruebas unitarias. Este problema afecta a Apache Commons BeanUtils 1.x anterior a la 1.11.0 y a las versiones 2.x anterior a la 2.0.0-M2. Se recomienda a los usuarios del artefacto commons-beanutils:commons-beanutils 1.x actualizar a la versi\u00f3n 1.11.0, que soluciona el problema. Se recomienda a los usuarios del artefacto org.apache.commons:commons-beanutils2 2.x actualizar a la versi\u00f3n 2.0.0-M2, que soluciona el problema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0\",\"versionEndExcluding\":\"1.11.0\",\"matchCriteriaId\":\"3ABE6272-1A82-437E-8153-DE129760FD51\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:commons_beanutils:2.0.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D211BECE-15F4-4685-8B8C-BB6221A2CC83\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/05/28/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/05/28/6\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/06/msg00027.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T20:04:56.273Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-48734\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-10-24T03:55:16.159076Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-05-28T14:01:12.288Z\"}}], \"cna\": {\"title\": \"Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Raj (mailto:denesh.raj@zohocorp.com)\"}, {\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Muthukumar Marikani (mailto:muthukumar.marikani@zohocorp.com)\"}], \"metrics\": [{\"other\": {\"type\": \"Textual description of severity\", \"content\": {\"text\": \"important\"}}}], \"affected\": [{\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Commons BeanUtils 1.x\", \"versions\": [{\"status\": \"affected\", \"version\": \"1.0\", \"lessThan\": \"1.11.0\", \"versionType\": \"maven\"}], \"packageName\": \"commons-beanutils:commons-beanutils\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}, {\"vendor\": \"Apache Software Foundation\", \"product\": \"Apache Commons BeanUtils 2.x\", \"versions\": [{\"status\": \"affected\", \"version\": \"2.0.0-M1\", \"lessThan\": \"2.0.0-M2\", \"versionType\": \"maven\"}], \"packageName\": \"org.apache.commons:commons-beanutils2\", \"collectionURL\": \"https://repo.maven.apache.org/maven2\", \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Improper Access Control vulnerability in Apache Commons.\\n\\n\\n\\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\\n\\n\\n\\n\\n\\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\\u2019s class loader via the \\u201cdeclaredClass\\u201d property available on all Java \\u201cenum\\u201d objects. Accessing the enum\\u2019s \\u201cdeclaredClass\\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \\u201cdeclaredClass\\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\\n\\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\\n\\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\\n\\n\\nUsers of the artifact org.apache.commons:commons-beanutils2\\n\\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eImproper Access Control vulnerability in Apache Commons.\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cdiv\u003e\u003cdiv\u003e\u003cp\u003eA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\u003c/p\u003e\u003c/div\u003e\u003c/div\u003eReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\\u2019s class loader via the \\u201cdeclaredClass\\u201d property available on all Java \\u201cenum\\u201d objects. Accessing the enum\\u2019s \\u201cdeclaredClass\\u201d allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\u003cbr\u003eStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \\u201cdeclaredClass\\u201d property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\u003cp\u003e\u003c/p\u003eThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.\u003cp\u003eUsers of the artifact commons-beanutils:commons-beanutils\\n\\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\u003c/p\u003e\u003cp\u003e\\nUsers of the artifact org.apache.commons:commons-beanutils2\\n\\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.\\n\\n\u003cbr\u003e\u003c/p\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-284\", \"description\": \"CWE-284 Improper Access Control\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2025-05-28T13:32:08.300Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-48734\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-29T03:55:27.335Z\", \"dateReserved\": \"2025-05-23T12:30:32.006Z\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"datePublished\": \"2025-05-28T13:32:08.300Z\", \"assignerShortName\": \"apache\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
NCSC-2025-0336
Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:49 - Updated: 2025-10-23 13:49Summary
Kwetsbaarheden verholpen in Oracle Hyperion
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft meerdere kwetsbaarheden verholpen in Oracle Hyperion, waaronder Hyperion Financial Management en Hyperion Data Relationship Management.
Interpretaties: De kwetsbaarheden in Oracle Hyperion stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot het systeem, wat kan leiden tot ongeautoriseerde gegevensaccess en manipulatie. Specifieke kwetsbaarheden zijn geclassificeerd met een CVSS-score van 6.1 tot 8.8, wat wijst op hun kritieke aard. Daarnaast zijn er kwetsbaarheden die Denial-of-Service (DoS) aanvallen mogelijk maken, met een CVSS-score van 7.5.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-125: Out-of-bounds Read
CWE-284: Improper Access Control
CWE-404: Improper Resource Shutdown or Release
CWE-416: Use After Free
CWE-770: Allocation of Resources Without Limits or Throttling
OpenSSL and various Oracle products exhibit vulnerabilities related to ASN.1 string processing and unauthorized access, with specific versions addressing critical security issues and CVSS scores indicating significant risk.
7.4 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Hyperion Financial Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Calculation Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Data Relationship Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Financial Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Infrastructure Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Planning
|
vers:unknown/* |
Multiple Oracle products, including Financial Services, Communications, and Hyperion, have vulnerabilities that can be exploited by remote attackers, with varying damage ratings from medium to high based on the CVSS Impact Matrix.
9.8 (Critical)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Hyperion Financial Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Calculation Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Data Relationship Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Financial Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Infrastructure Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Planning
|
vers:unknown/* |
Recent vulnerabilities in Oracle Hyperion Data Relationship Management and jquery-validation expose systems to unauthorized access and Cross-site Scripting attacks, with a CVSS score of 6.1 for the former.
6.1 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Hyperion Financial Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Calculation Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Data Relationship Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Financial Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Infrastructure Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Planning
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.
8.8 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Hyperion Financial Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Calculation Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Data Relationship Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Financial Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Infrastructure Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Planning
|
vers:unknown/* |
Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Hyperion Financial Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Calculation Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Data Relationship Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Financial Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Infrastructure Technology
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Hyperion Planning
|
vers:unknown/* |
References
6 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft meerdere kwetsbaarheden verholpen in Oracle Hyperion, waaronder Hyperion Financial Management en Hyperion Data Relationship Management.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle Hyperion stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot het systeem, wat kan leiden tot ongeautoriseerde gegevensaccess en manipulatie. Specifieke kwetsbaarheden zijn geclassificeerd met een CVSS-score van 6.1 tot 8.8, wat wijst op hun kritieke aard. Daarnaast zijn er kwetsbaarheden die Denial-of-Service (DoS) aanvallen mogelijk maken, met een CVSS-score van 7.5.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Hyperion",
"tracking": {
"current_release_date": "2025-10-23T13:49:44.344049Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0336",
"initial_release_date": "2025-10-23T13:49:44.344049Z",
"revision_history": [
{
"date": "2025-10-23T13:49:44.344049Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Hyperion Financial Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Hyperion Calculation Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Hyperion Data Relationship Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Hyperion Financial Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Hyperion Infrastructure Technology"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Hyperion Planning"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3712",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "OpenSSL and various Oracle products exhibit vulnerabilities related to ASN.1 string processing and unauthorized access, with specific versions addressing critical security issues and CVSS scores indicating significant risk.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-3712 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-3712.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2021-3712"
},
{
"cve": "CVE-2024-23807",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Multiple Oracle products, including Financial Services, Communications, and Hyperion, have vulnerabilities that can be exploited by remote attackers, with varying damage ratings from medium to high based on the CVSS Impact Matrix.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-23807 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-23807.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2024-23807"
},
{
"cve": "CVE-2025-3573",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Hyperion Data Relationship Management and jquery-validation expose systems to unauthorized access and Cross-site Scripting attacks, with a CVSS score of 6.1 for the former.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-3573 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3573.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-3573"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-48976"
}
]
}
NCSC-2025-0338
Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:53 - Updated: 2025-10-23 13:53Summary
Kwetsbaarheden verholpen in Oracle JD Edwards EnterpriseOne Tools
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in JD Edwards EnterpriseOne Tools (Specifiek voor versies 9.2.0.0 tot 9.2.9.4).
Interpretaties: De kwetsbaarheden in JD Edwards EnterpriseOne Tools stellen ongeauthenticeerde aanvallers in staat om het systeem via HTTP te compromitteren, wat kan leiden tot ongeautoriseerde toegang en wijzigingen van gevoelige gegevens. Dit heeft invloed op zowel de vertrouwelijkheid als de integriteit van de gegevens. De kwetsbaarheid heeft een CVSS-score van 6.1, wat duidt op een gematigde ernst.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-94: Improper Control of Generation of Code ('Code Injection')
CWE-125: Out-of-bounds Read
CWE-284: Improper Access Control
CWE-285: Improper Authorization
CWE-404: Improper Resource Shutdown or Release
CWE-488: Exposure of Data Element to Wrong Session
CWE-502: Deserialization of Untrusted Data
CWE-668: Exposure of Resource to Wrong Sphere
CWE-787: Out-of-bounds Write
CWE-840: CWE-840
Multiple vulnerabilities in libcurl and TensorFlow dependencies expose sensitive data and require updates to address security issues across various versions.
CWE-668 - Exposure of Resource to Wrong SphereAffected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
Low-level GF(2^m) elliptic curve APIs in OpenSSL and other Oracle products present vulnerabilities, including out-of-bounds memory access and unauthorized data access, with varying severity across different applications.
4.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
Recent vulnerabilities in Oracle JD Edwards, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access, data corruption, and manipulation risks.
7.2 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
Multiple vulnerabilities across Apache MINA, Oracle Middleware, JD Edwards, NetApp products, and HPE Telco IP Mediation expose systems to remote code execution, unauthorized access, and potential data compromise, with CVSS scores reaching 9.8.
9.8 (Critical)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.
6.3 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.
8.8 (High)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
A vulnerability in Oracle JD Edwards EnterpriseOne Tools (versions 9.2.0.0-9.2.9.4) allows unauthenticated attackers to exploit the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.
6.1 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
A vulnerability in Oracle JD Edwards EnterpriseOne Tools (versions 9.2.0.0-9.2.9.4) allows unauthenticated attackers to exploit the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.
6.1 (Medium)
Affected products
Known affected
3 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / JD Edwards
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Orchestrator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / JD Edwards EnterpriseOne Tools
|
vers:unknown/* |
References
9 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in JD Edwards EnterpriseOne Tools (Specifiek voor versies 9.2.0.0 tot 9.2.9.4).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in JD Edwards EnterpriseOne Tools stellen ongeauthenticeerde aanvallers in staat om het systeem via HTTP te compromitteren, wat kan leiden tot ongeautoriseerde toegang en wijzigingen van gevoelige gegevens. Dit heeft invloed op zowel de vertrouwelijkheid als de integriteit van de gegevens. De kwetsbaarheid heeft een CVSS-score van 6.1, wat duidt op een gematigde ernst.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheid te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Exposure of Data Element to Wrong Session",
"title": "CWE-488"
},
{
"category": "general",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "general",
"text": "Exposure of Resource to Wrong Sphere",
"title": "CWE-668"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "CWE-840",
"title": "CWE-840"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle JD Edwards EnterpriseOne Tools",
"tracking": {
"current_release_date": "2025-10-23T13:53:27.268400Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0338",
"initial_release_date": "2025-10-23T13:53:27.268400Z",
"revision_history": [
{
"date": "2025-10-23T13:53:27.268400Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "JD Edwards"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "JD Edwards EnterpriseOne Orchestrator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "JD Edwards EnterpriseOne Tools"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-22897",
"cwe": {
"id": "CWE-668",
"name": "Exposure of Resource to Wrong Sphere"
},
"notes": [
{
"category": "other",
"text": "Exposure of Resource to Wrong Sphere",
"title": "CWE-668"
},
{
"category": "other",
"text": "CWE-840",
"title": "CWE-840"
},
{
"category": "other",
"text": "Exposure of Data Element to Wrong Session",
"title": "CWE-488"
},
{
"category": "description",
"text": "Multiple vulnerabilities in libcurl and TensorFlow dependencies expose sensitive data and require updates to address security issues across various versions.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2021-22897 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-22897.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2021-22897"
},
{
"cve": "CVE-2024-9143",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Low-level GF(2^m) elliptic curve APIs in OpenSSL and other Oracle products present vulnerabilities, including out-of-bounds memory access and unauthorized data access, with varying severity across different applications.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-9143 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-9143.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-9143"
},
{
"cve": "CVE-2024-13009",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle JD Edwards, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access, data corruption, and manipulation risks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-13009 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-13009.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-13009"
},
{
"cve": "CVE-2024-52046",
"cwe": {
"id": "CWE-94",
"name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"title": "CWE-94"
},
{
"category": "other",
"text": "Deserialization of Untrusted Data",
"title": "CWE-502"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache MINA, Oracle Middleware, JD Edwards, NetApp products, and HPE Telco IP Mediation expose systems to remote code execution, unauthorized access, and potential data compromise, with CVSS scores reaching 9.8.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-52046 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-52046.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2024-52046"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-53056",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "description",
"text": "A vulnerability in Oracle JD Edwards EnterpriseOne Tools (versions 9.2.0.0-9.2.9.4) allows unauthenticated attackers to exploit the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53056 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53056.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-53056"
},
{
"cve": "CVE-2025-53060",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle JD Edwards EnterpriseOne Tools (versions 9.2.0.0-9.2.9.4) allows unauthenticated attackers to exploit the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53060 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53060.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3"
]
}
],
"title": "CVE-2025-53060"
}
]
}
NCSC-2025-0340
Vulnerability from csaf_ncscnl - Published: 2025-10-23 14:13 - Updated: 2025-10-23 14:13Summary
Kwetsbaarheden verholpen in Oracle PeopleSoft
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft (Specifiek voor versies 8.60, 8.61, 8.62 en 9.2).
Interpretaties: De kwetsbaarheden in Oracle PeopleSoft stellen aanvallers in staat om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en kunnen leiden tot gegevensmanipulatie. Dit omvat kwetsbaarheden die het mogelijk maken voor zowel laag- als hooggeprivilegieerde aanvallers om via HTTP toegang te krijgen tot kritieke data, met een CVSS-score variërend van 4.3 tot 7.5, wat wijst op aanzienlijke risico's voor de vertrouwelijkheid en integriteit van de gegevens. De kwetsbaarheden zijn te vinden in verschillende componenten zoals OpenSearch Dashboards, PeopleTools, en IT Asset Management.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-125: Out-of-bounds Read
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-284: Improper Access Control
CWE-295: Improper Certificate Validation
CWE-400: Uncontrolled Resource Consumption
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CWE-674: Uncontrolled Recursion
Oracle PeopleSoft's OpenSearch Dashboards (version 8.62) has a vulnerability allowing low-privileged attackers to exploit the system via HTTP, while earlier OpenSearch versions are vulnerable to XSS attacks due to unsanitized Markdown.
6.4 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.
9.4 (Critical)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
OpenSSL 3.5 has a critical bug in the -addreject option that mislabels trusted certificates, while also being vulnerable to unauthorized data modification, alongside a separate vulnerability in Oracle Communications Cloud Native Core Certificate Management 25.1.200.
6.5 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.
6.3 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.
8.8 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.
6.5 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
Recent vulnerabilities in urllib3 and Oracle PeopleSoft's PeopleTools expose systems to SSRF attacks and unauthorized data access, with specific issues related to redirect handling and low-privileged access.
5.3 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Rich Text Editor component in versions 8.60, 8.61, and 8.62 allows low-privileged attackers to compromise the system through human interaction, risking unauthorized data access and modifications.
5.4 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Performance Monitor component (versions 8.60, 8.61, 8.62) allows unauthenticated attackers to execute a denial of service attack via HTTP, with a CVSS score of 7.5.
7.5 (High)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.
6.1 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's OpenSearch Dashboards (versions 8.60, 8.61, and 8.62) allows high-privileged attackers with HTTP access to potentially gain unauthorized access to critical data, with a CVSS score of 4.9.
4.9 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows high-privileged attackers to compromise the system, impacting data confidentiality and integrity with a CVSS score of 5.5.
5.5 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows low-privileged attackers to compromise the system, posing a moderate risk with a CVSS score of 5.4.
5.4 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications, with a CVSS score of 5.4.
5.4 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's Enterprise PeopleTools (versions 8.61 and 8.62) allows low-privileged attackers to gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 4.3 indicating confidentiality impacts.
4.3 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft IT Asset Management 9.2 allows low-privileged attackers with network access to compromise the system, posing significant confidentiality risks with a CVSS score of 6.5.
6.5 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's FIN Maintenance Management product (version 9.2) allows low-privileged attackers to compromise data, resulting in unauthorized updates, deletions, and read access, with a CVSS score of 5.4.
5.4 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
A vulnerability in Oracle PeopleSoft's FIN Payables product (version 9.2) allows low-privileged attackers to exploit the system via HTTP, potentially leading to unauthorized data access and partial denial of service, with a CVSS score of 6.3.
6.3 (Medium)
Affected products
Known affected
6 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / PeopleSoft
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise CS Financial Aid
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN IT Asset Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Maintenance Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise FIN Payables
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / PeopleSoft Enterprise PeopleTools
|
vers:unknown/* |
References
19 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle PeopleSoft (Specifiek voor versies 8.60, 8.61, 8.62 en 9.2).",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in Oracle PeopleSoft stellen aanvallers in staat om ongeautoriseerde toegang te verkrijgen tot gevoelige gegevens en kunnen leiden tot gegevensmanipulatie. Dit omvat kwetsbaarheden die het mogelijk maken voor zowel laag- als hooggeprivilegieerde aanvallers om via HTTP toegang te krijgen tot kritieke data, met een CVSS-score vari\u00ebrend van 4.3 tot 7.5, wat wijst op aanzienlijke risico\u0027s voor de vertrouwelijkheid en integriteit van de gegevens. De kwetsbaarheden zijn te vinden in verschillende componenten zoals OpenSearch Dashboards, PeopleTools, en IT Asset Management.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle PeopleSoft",
"tracking": {
"current_release_date": "2025-10-23T14:13:39.969386Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2025-0340",
"initial_release_date": "2025-10-23T14:13:39.969386Z",
"revision_history": [
{
"date": "2025-10-23T14:13:39.969386Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "PeopleSoft"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise CS Financial Aid"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise FIN IT Asset Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise FIN Maintenance Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise FIN Payables"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "PeopleSoft Enterprise PeopleTools"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-54160",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Oracle PeopleSoft\u0027s OpenSearch Dashboards (version 8.62) has a vulnerability allowing low-privileged attackers to exploit the system via HTTP, while earlier OpenSearch versions are vulnerable to XSS attacks due to unsanitized Markdown.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-54160 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-54160.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2024-54160"
},
{
"cve": "CVE-2025-4517",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4517 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-4517"
},
{
"cve": "CVE-2025-4575",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "OpenSSL 3.5 has a critical bug in the -addreject option that mislabels trusted certificates, while also being vulnerable to unauthorized data modification, alongside a separate vulnerability in Oracle Communications Cloud Native Core Certificate Management 25.1.200.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4575 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4575.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-4575"
},
{
"cve": "CVE-2025-31672",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-50181",
"cwe": {
"id": "CWE-601",
"name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)"
},
"notes": [
{
"category": "other",
"text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"title": "CWE-601"
},
{
"category": "description",
"text": "Recent vulnerabilities in urllib3 and Oracle PeopleSoft\u0027s PeopleTools expose systems to SSRF attacks and unauthorized data access, with specific issues related to redirect handling and low-privileged access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-50181 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50181.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-50181"
},
{
"cve": "CVE-2025-53048",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Rich Text Editor component in versions 8.60, 8.61, and 8.62 allows low-privileged attackers to compromise the system through human interaction, risking unauthorized data access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53048 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53048.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53048"
},
{
"cve": "CVE-2025-53050",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Performance Monitor component (versions 8.60, 8.61, 8.62) allows unauthenticated attackers to execute a denial of service attack via HTTP, with a CVSS score of 7.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53050 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53050.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53050"
},
{
"cve": "CVE-2025-53055",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system via HTTP, posing risks to data confidentiality and integrity with a CVSS score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53055 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53055.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53055"
},
{
"cve": "CVE-2025-53059",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s OpenSearch Dashboards (versions 8.60, 8.61, and 8.62) allows high-privileged attackers with HTTP access to potentially gain unauthorized access to critical data, with a CVSS score of 4.9.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53059 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53059.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53059"
},
{
"cve": "CVE-2025-53061",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows high-privileged attackers to compromise the system, impacting data confidentiality and integrity with a CVSS score of 5.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53061 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53061.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53061"
},
{
"cve": "CVE-2025-53063",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows low-privileged attackers to compromise the system, posing a moderate risk with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53063 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53063.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53063"
},
{
"cve": "CVE-2025-53065",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.60, 8.61, and 8.62) allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications, with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-53065 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53065.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-53065"
},
{
"cve": "CVE-2025-61750",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s Enterprise PeopleTools (versions 8.61 and 8.62) allows low-privileged attackers to gain unauthorized read access to certain data, with a CVSS 3.1 Base Score of 4.3 indicating confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61750 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61750.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61750"
},
{
"cve": "CVE-2025-61758",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft IT Asset Management 9.2 allows low-privileged attackers with network access to compromise the system, posing significant confidentiality risks with a CVSS score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61758 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61758.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61758"
},
{
"cve": "CVE-2025-61761",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s FIN Maintenance Management product (version 9.2) allows low-privileged attackers to compromise data, resulting in unauthorized updates, deletions, and read access, with a CVSS score of 5.4.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61761 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61761.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61761"
},
{
"cve": "CVE-2025-61762",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "A vulnerability in Oracle PeopleSoft\u0027s FIN Payables product (version 9.2) allows low-privileged attackers to exploit the system via HTTP, potentially leading to unauthorized data access and partial denial of service, with a CVSS score of 6.3.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61762 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61762.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6"
]
}
],
"title": "CVE-2025-61762"
}
]
}
NCSC-2026-0022
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:25 - Updated: 2026-01-21 09:25Summary
Kwetsbaarheden verholpen in Oracle Communications producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.
Interpretaties: De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-863: Incorrect Authorization
CWE-937: CWE-937
CWE-1035: CWE-1035
CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-20: Improper Input Validation
CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-116: Improper Encoding or Escaping of Output
CWE-121: Stack-based Buffer Overflow
CWE-122: Heap-based Buffer Overflow
CWE-123: Write-what-where Condition
CWE-125: Out-of-bounds Read
CWE-126: Buffer Over-read
CWE-201: Insertion of Sensitive Information Into Sent Data
CWE-209: Generation of Error Message Containing Sensitive Information
CWE-252: Unchecked Return Value
CWE-284: Improper Access Control
CWE-285: Improper Authorization
CWE-295: Improper Certificate Validation
CWE-297: Improper Validation of Certificate with Host Mismatch
CWE-393: Return of Wrong Status Code
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-407: Inefficient Algorithmic Complexity
CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)
CWE-415: Double Free
CWE-416: Use After Free
CWE-611: Improper Restriction of XML External Entity Reference
CWE-674: Uncontrolled Recursion
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-789: Memory Allocation with Excessive Size Value
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 versions could allow unauthenticated attackers to execute partial denial of service attacks, with CVSS scores of 5.3 for affected versions.
5.3 (Medium)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, highlight critical security concerns across multiple versions.
4.3 (Medium)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities, including the 'MadeYouReset' attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh expose sensitive data and integrity risks, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.
7.1 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.
8.1 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.
8.8 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial of service risks due to unsafe file handling and low privilege exploitability.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.
5.9 (Medium)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.
8.2 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications products and GnuTLS's certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.
8.2 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.
8.8 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
6.5 (Medium)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Redis versions 8.2.1 and below, along with valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution, with fixes available in newer versions.
10.0 (Critical)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.
8.3 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.
7.5 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.
5.3 (Medium)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.
5.3 (Medium)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.
7.1 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.
8.6 (High)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.
10.0 (Critical)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle's Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.
5.4 (Medium)
Affected products
Known affected
18 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Communications
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Cloud Native Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications ASAP
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications BRM - Elastic Charging Engine
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Billing and Revenue Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Element Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications IP Service Activator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Analytics Data Director
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Network Integrity
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Operations Monitor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Order and Service Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Policy Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Pricing Design Center
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Border Controller
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Session Report Manager
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Assurance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Communications Unified Inventory Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Communications Broker
|
vers:unknown/* |
References
32 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "general",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"title": "CWE-77"
},
{
"category": "general",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "general",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "general",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "general",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "general",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "general",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "general",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "general",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "general",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "general",
"text": "Return of Wrong Status Code",
"title": "CWE-393"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "general",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "general",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "general",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "general",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "general",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Communications producten",
"tracking": {
"current_release_date": "2026-01-21T09:25:39.876330Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0022",
"initial_release_date": "2026-01-21T09:25:39.876330Z",
"revision_history": [
{
"date": "2026-01-21T09:25:39.876330Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Communications"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Cloud Native Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Communications ASAP"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Communications BRM - Elastic Charging Engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Communications Billing and Revenue Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Communications Element Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Communications IP Service Activator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Analytics Data Director"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Communications Network Integrity"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Communications Operations Monitor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-11"
}
}
],
"category": "product_name",
"name": "Oracle Communications Order and Service Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-12"
}
}
],
"category": "product_name",
"name": "Oracle Communications Policy Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-13"
}
}
],
"category": "product_name",
"name": "Oracle Communications Pricing Design Center"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-14"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Border Controller"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-15"
}
}
],
"category": "product_name",
"name": "Oracle Communications Session Report Manager"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-16"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Assurance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-17"
}
}
],
"category": "product_name",
"name": "Oracle Communications Unified Inventory Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-18"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Communications Broker"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-12133",
"cwe": {
"id": "CWE-407",
"name": "Inefficient Algorithmic Complexity"
},
"notes": [
{
"category": "other",
"text": "Inefficient Algorithmic Complexity",
"title": "CWE-407"
},
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 versions could allow unauthenticated attackers to execute partial denial of service attacks, with CVSS scores of 5.3 for affected versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-12133 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2024-12133"
},
{
"cve": "CVE-2024-46901",
"cwe": {
"id": "CWE-116",
"name": "Improper Encoding or Escaping of Output"
},
"notes": [
{
"category": "other",
"text": "Improper Encoding or Escaping of Output",
"title": "CWE-116"
},
{
"category": "other",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, highlight critical security concerns across multiple versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-46901 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-46901.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2024-46901"
},
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-5318",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh expose sensitive data and integrity risks, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5318 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5318"
},
{
"cve": "CVE-2025-5987",
"cwe": {
"id": "CWE-393",
"name": "Return of Wrong Status Code"
},
"notes": [
{
"category": "other",
"text": "Return of Wrong Status Code",
"title": "CWE-393"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5987 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5987.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-5987"
},
{
"cve": "CVE-2025-8194",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "other",
"text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"title": "CWE-835"
},
{
"category": "description",
"text": "Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8194 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-8194"
},
{
"cve": "CVE-2025-8916",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-8916 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-8916"
},
{
"cve": "CVE-2025-9900",
"cwe": {
"id": "CWE-123",
"name": "Write-what-where Condition"
},
"notes": [
{
"category": "other",
"text": "Write-what-where Condition",
"title": "CWE-123"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9900 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9900.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-9900"
},
{
"cve": "CVE-2025-25193",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "description",
"text": "Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial of service risks due to unsafe file handling and low privilege exploitability.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-25193 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25193.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-25193"
},
{
"cve": "CVE-2025-26333",
"cwe": {
"id": "CWE-209",
"name": "Generation of Error Message Containing Sensitive Information"
},
"notes": [
{
"category": "other",
"text": "Generation of Error Message Containing Sensitive Information",
"title": "CWE-209"
},
{
"category": "description",
"text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-26333 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-26333"
},
{
"cve": "CVE-2025-27533",
"cwe": {
"id": "CWE-789",
"name": "Memory Allocation with Excessive Size Value"
},
"notes": [
{
"category": "other",
"text": "Memory Allocation with Excessive Size Value",
"title": "CWE-789"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27533 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-27533"
},
{
"cve": "CVE-2025-32988",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "other",
"text": "Double Free",
"title": "CWE-415"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32988 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32988.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-32988"
},
{
"cve": "CVE-2025-32990",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications products and GnuTLS\u0027s certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-32990 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-32990"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-46727",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-46727 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46727.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-46727"
},
{
"cve": "CVE-2025-48060",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Stack-based Buffer Overflow",
"title": "CWE-121"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "other",
"text": "Buffer Over-read",
"title": "CWE-126"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48060 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48060.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48060"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49844",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "other",
"text": "Use After Free",
"title": "CWE-416"
},
{
"category": "description",
"text": "Redis versions 8.2.1 and below, along with valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution, with fixes available in newer versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49844 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49844.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-49844"
},
{
"cve": "CVE-2025-54571",
"cwe": {
"id": "CWE-252",
"name": "Unchecked Return Value"
},
"notes": [
{
"category": "other",
"text": "Unchecked Return Value",
"title": "CWE-252"
},
{
"category": "other",
"text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"title": "CWE-79"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-54571 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-54571"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2025-58098",
"cwe": {
"id": "CWE-201",
"name": "Insertion of Sensitive Information Into Sent Data"
},
"notes": [
{
"category": "other",
"text": "Insertion of Sensitive Information Into Sent Data",
"title": "CWE-201"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58098 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58098.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-58098"
},
{
"cve": "CVE-2025-59375",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-59375 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-59375"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-64718",
"cwe": {
"id": "CWE-1321",
"name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
"title": "CWE-1321"
},
{
"category": "description",
"text": "Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-64718 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64718.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-64718"
},
{
"cve": "CVE-2025-65018",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "other",
"text": "Heap-based Buffer Overflow",
"title": "CWE-122"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-65018 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65018.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-65018"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66418 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2025-66516",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"notes": [
{
"category": "other",
"text": "Improper Restriction of XML External Entity Reference",
"title": "CWE-611"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66516 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 10.0,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-66516"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle\u0027s Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10",
"CSAFPID-11",
"CSAFPID-12",
"CSAFPID-13",
"CSAFPID-14",
"CSAFPID-15",
"CSAFPID-16",
"CSAFPID-17",
"CSAFPID-18"
]
}
],
"title": "CVE-2025-68161"
}
]
}
NCSC-2026-0024
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:29 - Updated: 2026-01-21 09:29Summary
Kwetsbaarheden verholpen in Oracle E-Business Suite
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle E-Business Suite.
Interpretaties: De kwetsbaarheden bevinden zich in verschillende componenten van Oracle E-Business Suite, waaronder Scripting, Workflow, Applications DBA en Configurator. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde of hooggeprivilegieerde aanvallers, wat kan leiden tot ongeautoriseerde toegang, gegevensmanipulatie en datalekken.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-284: Improper Access Control
Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.
8.8 (High)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Configurator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Field Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Scripting
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Succession planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Time and Labor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Workflow
|
vers:unknown/* |
A vulnerability in Oracle E-Business Suite's Scripting product (versions 12.2.3-12.2.15) allows unauthenticated attackers to compromise data through human interaction, risking unauthorized access and modifications.
6.1 (Medium)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Configurator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Field Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Scripting
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Succession planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Time and Labor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Workflow
|
vers:unknown/* |
A vulnerability in Oracle E-Business Suite's Workflow component (versions 12.2.3-12.2.15) allows high-privileged attackers to compromise the system, with a CVSS 3.1 Base Score of 4.9 indicating confidentiality impacts.
4.9 (Medium)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Configurator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Field Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Scripting
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Succession planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Time and Labor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Workflow
|
vers:unknown/* |
A vulnerability in Oracle E-Business Suite (versions 12.2.3-12.2.15) allows high-privileged attackers to compromise the system, posing significant confidentiality and integrity risks with a CVSS score of 6.5.
6.5 (Medium)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Configurator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Field Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Scripting
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Succession planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Time and Labor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Workflow
|
vers:unknown/* |
A vulnerability in Oracle E-Business Suite's Configurator component (versions 12.2.3-12.2.15) allows unauthenticated attackers to access sensitive data via HTTP, with a CVSS 3.1 Base Score of 5.3 indicating confidentiality risks.
5.3 (Medium)
Affected products
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Configurator
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Field Service
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Human Resources
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Scripting
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Succession planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Time and Labor
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Workflow
|
vers:unknown/* |
References
6 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle E-Business Suite.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende componenten van Oracle E-Business Suite, waaronder Scripting, Workflow, Applications DBA en Configurator. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde of hooggeprivilegieerde aanvallers, wat kan leiden tot ongeautoriseerde toegang, gegevensmanipulatie en datalekken.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle E-Business Suite",
"tracking": {
"current_release_date": "2026-01-21T09:29:38.334428Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0024",
"initial_release_date": "2026-01-21T09:29:38.334428Z",
"revision_history": [
{
"date": "2026-01-21T09:29:38.334428Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Oracle Applications DBA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Configurator"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Field Service"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Human Resources"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Scripting"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Succession planning"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle Time and Labor"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Workflow"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2026-21943",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle E-Business Suite\u0027s Scripting product (versions 12.2.3-12.2.15) allows unauthenticated attackers to compromise data through human interaction, risking unauthorized access and modifications.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21943 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21943.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8"
]
}
],
"title": "CVE-2026-21943"
},
{
"cve": "CVE-2026-21959",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle E-Business Suite\u0027s Workflow component (versions 12.2.3-12.2.15) allows high-privileged attackers to compromise the system, with a CVSS 3.1 Base Score of 4.9 indicating confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21959 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21959.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8"
]
}
],
"title": "CVE-2026-21959"
},
{
"cve": "CVE-2026-21960",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle E-Business Suite (versions 12.2.3-12.2.15) allows high-privileged attackers to compromise the system, posing significant confidentiality and integrity risks with a CVSS score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21960 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21960.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8"
]
}
],
"title": "CVE-2026-21960"
},
{
"cve": "CVE-2026-21972",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle E-Business Suite\u0027s Configurator component (versions 12.2.3-12.2.15) allows unauthenticated attackers to access sensitive data via HTTP, with a CVSS 3.1 Base Score of 5.3 indicating confidentiality risks.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21972 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21972.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8"
]
}
],
"title": "CVE-2026-21972"
}
]
}
NCSC-2026-0025
Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:55 - Updated: 2026-01-21 09:55Summary
Kwetsbaarheden verholpen in Oracle Financial Services
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle Banking Liquidity Management, Oracle Financial Services Model Management en Oracle FLEXCUBE.
Interpretaties: De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en Denial-of-Service (DoS) aan te richten. Dit kan leiden tot vertrouwelijkheids- en integriteitsrisico's. Specifieke kwetsbaarheden omvatten onjuist beheer van verbindingen en onvoldoende invoervalidatie wat kan resulteren in systeemcompromittering en serviceonderbrekingen.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-125: Out-of-bounds Read
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-284: Improper Access Control
CWE-285: Improper Authorization
CWE-287: Improper Authentication
CWE-289: Authentication Bypass by Alternate Name
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-521: Weak Password Requirements
CWE-674: Uncontrolled Recursion
CWE-770: Allocation of Resources Without Limits or Throttling
CWE-787: Out-of-bounds Write
CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
CWE-863: Incorrect Authorization
CWE-918: Server-Side Request Forgery (SSRF)
CWE-937: CWE-937
CWE-1035: CWE-1035
Multiple vulnerabilities, including the 'MadeYouReset' attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.
7.5 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.
7.5 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Multiple vulnerabilities have been identified across Oracle and NetApp products, including critical issues in Oracle Banking Liquidity Management and Spring Security flaws affecting sensitive data integrity.
7.4 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Multiple vulnerabilities across Apache Kafka and Oracle products allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for several Oracle systems.
8.1 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.
7.5 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.
7.5 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.
8.8 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Multiple vulnerabilities in Oracle's Primavera P6 and WebCenter Forms Recognition, along with an Apache CXF bug and issues in HPE Telco Service Activator, expose systems to unauthorized data access and potential denial of service.
5.6 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.
6.5 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.
7.5 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.
9.1 (Critical)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.
7.5 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.
5.3 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.
8.6 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
A vulnerability in Oracle FLEXCUBE Investor Servicing versions 14.5.0.15.0, 14.7.0.8.0, and 14.8.0.1.0 allows low privileged attackers to exploit it via HTTP, leading to unauthorized access and modification of critical data.
8.1 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
A vulnerability in Oracle FLEXCUBE Universal Banking (versions 14.0.0.0.0-14.8.0.0.0) allows low privileged attackers with HTTP access to potentially gain unauthorized access to critical data, rated with a CVSS 3.1 Base Score of 6.5.
6.5 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Banking Branch
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Cash Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Corporate Lending Process Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Liquidity Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Banking Supply Chain Finance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Investor Servicing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle FLEXCUBE Universal Banking
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Compliance Studio
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Financial Services Model Management and Governance
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Insurance Policy Administration J2EE
|
vers:unknown/* |
References
17 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle Banking Liquidity Management, Oracle Financial Services Model Management en Oracle FLEXCUBE.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens en Denial-of-Service (DoS) aan te richten. Dit kan leiden tot vertrouwelijkheids- en integriteitsrisico\u0027s. Specifieke kwetsbaarheden omvatten onjuist beheer van verbindingen en onvoldoende invoervalidatie wat kan resulteren in systeemcompromittering en serviceonderbrekingen.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "general",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "general",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "general",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "general",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "general",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "general",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "general",
"text": "Weak Password Requirements",
"title": "CWE-521"
},
{
"category": "general",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "general",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "general",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "general",
"text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
"title": "CWE-843"
},
{
"category": "general",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "general",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "general",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "general",
"text": "CWE-1035",
"title": "CWE-1035"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpujan2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle Financial Services",
"tracking": {
"current_release_date": "2026-01-21T09:55:33.889125Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0025",
"initial_release_date": "2026-01-21T09:55:33.889125Z",
"revision_history": [
{
"date": "2026-01-21T09:55:33.889125Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Oracle Banking Branch"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Banking Cash Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Banking Corporate Lending Process Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Banking Liquidity Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Banking Supply Chain Finance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle FLEXCUBE Investor Servicing"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle FLEXCUBE Universal Banking"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Compliance Studio"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Financial Services Model Management and Governance"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle Insurance Policy Administration J2EE"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-5115",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-5115 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-5115"
},
{
"cve": "CVE-2025-9230",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "other",
"text": "Out-of-bounds Write",
"title": "CWE-787"
},
{
"category": "description",
"text": "Multiple vulnerabilities related to out-of-bounds read and write issues in OpenSSL affect various products, with moderate severity assessments and low likelihood of successful exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-9230 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9230.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-9230"
},
{
"cve": "CVE-2025-22228",
"cwe": {
"id": "CWE-521",
"name": "Weak Password Requirements"
},
"notes": [
{
"category": "other",
"text": "Weak Password Requirements",
"title": "CWE-521"
},
{
"category": "other",
"text": "Improper Authentication",
"title": "CWE-287"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified across Oracle and NetApp products, including critical issues in Oracle Banking Liquidity Management and Spring Security flaws affecting sensitive data integrity.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-22228 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-22228.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-22228"
},
{
"cve": "CVE-2025-27817",
"cwe": {
"id": "CWE-918",
"name": "Server-Side Request Forgery (SSRF)"
},
"notes": [
{
"category": "other",
"text": "Server-Side Request Forgery (SSRF)",
"title": "CWE-918"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Apache Kafka and Oracle products allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for several Oracle systems.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-27817 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-27817"
},
{
"cve": "CVE-2025-41248",
"cwe": {
"id": "CWE-289",
"name": "Authentication Bypass by Alternate Name"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Alternate Name",
"title": "CWE-289"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41248 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41248.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-41248"
},
{
"cve": "CVE-2025-41249",
"cwe": {
"id": "CWE-285",
"name": "Improper Authorization"
},
"notes": [
{
"category": "other",
"text": "Improper Authorization",
"title": "CWE-285"
},
{
"category": "other",
"text": "Incorrect Authorization",
"title": "CWE-863"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41249 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-41249"
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "other",
"text": "Improper Access Control",
"title": "CWE-284"
},
{
"category": "description",
"text": "Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2025-48795",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Resource Consumption",
"title": "CWE-400"
},
{
"category": "other",
"text": "Exposure of Sensitive Information to an Unauthorized Actor",
"title": "CWE-200"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Oracle\u0027s Primavera P6 and WebCenter Forms Recognition, along with an Apache CXF bug and issues in HPE Telco Service Activator, expose systems to unauthorized data access and potential denial of service.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-48795"
},
{
"cve": "CVE-2025-48924",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"notes": [
{
"category": "other",
"text": "Uncontrolled Recursion",
"title": "CWE-674"
},
{
"category": "description",
"text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48924 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-48924"
},
{
"cve": "CVE-2025-48976",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "description",
"text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48976 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-48976"
},
{
"cve": "CVE-2025-49796",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "other",
"text": "Out-of-bounds Read",
"title": "CWE-125"
},
{
"category": "description",
"text": "Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-49796 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-49796"
},
{
"cve": "CVE-2025-55163",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-55163 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-55163"
},
{
"cve": "CVE-2025-61795",
"cwe": {
"id": "CWE-404",
"name": "Improper Resource Shutdown or Release"
},
"notes": [
{
"category": "other",
"text": "Improper Resource Shutdown or Release",
"title": "CWE-404"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-61795 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-61795"
},
{
"cve": "CVE-2025-66418",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"notes": [
{
"category": "other",
"text": "Allocation of Resources Without Limits or Throttling",
"title": "CWE-770"
},
{
"category": "other",
"text": "CWE-1035",
"title": "CWE-1035"
},
{
"category": "other",
"text": "CWE-937",
"title": "CWE-937"
},
{
"category": "description",
"text": "The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-66418 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-66418"
},
{
"cve": "CVE-2026-21973",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle FLEXCUBE Investor Servicing versions 14.5.0.15.0, 14.7.0.8.0, and 14.8.0.1.0 allows low privileged attackers to exploit it via HTTP, leading to unauthorized access and modification of critical data.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21973 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21973.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-21973"
},
{
"cve": "CVE-2026-21978",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle FLEXCUBE Universal Banking (versions 14.0.0.0.0-14.8.0.0.0) allows low privileged attackers with HTTP access to potentially gain unauthorized access to critical data, rated with a CVSS 3.1 Base Score of 6.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-21978 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21978.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-21978"
}
]
}
NCSC-2026-0126
Vulnerability from csaf_ncscnl - Published: 2026-04-22 12:56 - Updated: 2026-04-22 12:56Summary
Kwetsbaarheden verholpen in Oracle E-Business Suite
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle E-Business Suite.
Interpretaties: De kwetsbaarheden bevinden zich in verschillende componenten van Oracle E-Business Suite, waaronder Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning en Oracle Flow Manufacturing. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde of hooggeprivilegieerde aanvallers, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie.
Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.
Kans: medium
Schade: high
CWE-20: Improper Input Validation
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CWE-284: Improper Access Control
A critical unauthenticated remote code execution vulnerability in Oracle Advanced Inbound Telephony (versions 12.2.3-12.2.15) with a CVSS 3.1 score of 9.8 severely impacts confidentiality, integrity, and availability via HTTP.
9.8 (Critical)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
Multiple vulnerabilities in Apache ZooKeeper, including IPAuthenticationProvider spoofing and unauthorized access issues, affect various Oracle and Apache products, allowing authentication bypass, sensitive data exposure, and denial of service.
9.1 (Critical)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
Multiple vulnerabilities in Apache Commons BeanUtils prior to version 1.11.0 and various Oracle and HPE products allow remote attackers to execute arbitrary code or take over systems via HTTP or Java enum declaredClass property access.
8.8 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
A vulnerability in Oracle E-Business Suite's ADPatch component (versions 12.2.3 to 12.2.15) allows a high-privileged attacker with HTTP network access to potentially compromise system confidentiality, integrity, and availability, with a CVSS score of 7.6.
7.6 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
Multiple denial of service vulnerabilities affect Netty (up to 4.1.124.Final), HPE Telco Intelligent Assurance, and Oracle Communications Cloud Native products due to unbounded buffer allocation and malformed HTTP/2 frames, with CVSS scores up to 7.5.
7.5 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
A vulnerability in Oracle HCM Common Architecture versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 7.5 for high confidentiality impact.
7.5 (High)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
A vulnerability in Oracle Configurator within Oracle E-Business Suite versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to perform unauthorized read and write operations, with a CVSS 3.1 base score of 6.1.
6.1 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
Multiple vulnerabilities in the Spring Framework affect various products including NetApp, Oracle Primavera Unifier, and Oracle Enterprise Command Center Framework, enabling unauthenticated attackers to access or compromise critical data, with severity ranging up to CVSS 5.9.
5.9 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
A vulnerability in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications and cause partial denial of service, with a CVSS 3.1 base score of 5.5.
5.5 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
Apache POI poi-ooxml versions before 5.4.0 contain a vulnerability involving improper input validation of OOXML files with duplicate ZIP entries, affecting multiple products including Oracle and NetApp, allowing unauthenticated attackers to modify data with a CVSS score of 5.3.
6.3 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2) due to missing TLS hostname verification in the Socket Appender, Oracle Primavera Gateway (versions 21.12.0-21.12.16) with a TLS vulnerability, and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4) with potential data disclosure or modification issues.
5.4 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
A vulnerability in Oracle Applications Framework versions 12.2.9 through 12.2.15 allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications, read access, and partial denial of service, rated CVSS 4.7.
4.7 (Medium)
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
A vulnerability in Oracle E-Business Suite User Management (versions 12.2.7-12.2.15) allows a high-privileged attacker with HTTP network access to read and modify certain accessible data, rated CVSS 3.8.
Affected products
Known affected
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
vers:unknown/*
Oracle / Oracle Advanced Inbound Telephony
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Advanced Supply Chain Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Applications DBA
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Enterprise Command Center Framework
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Flow Manufacturing
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Global Order Promising
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle HCM Common Architecture
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Rapid Planning
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle Yard Management
|
vers:unknown/* | ||
|
vers:unknown/*
Oracle / Oracle iProcurement
|
vers:unknown/* |
References
14 references
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "nl",
"notes": [
{
"category": "legal_disclaimer",
"text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
},
{
"category": "description",
"text": "Oracle heeft kwetsbaarheden verholpen in Oracle E-Business Suite.",
"title": "Feiten"
},
{
"category": "description",
"text": "De kwetsbaarheden bevinden zich in verschillende componenten van Oracle E-Business Suite, waaronder Oracle Advanced Inbound Telephony, Oracle Enterprise Command Center Framework, Oracle Advanced Supply Chain Planning en Oracle Flow Manufacturing. Deze kwetsbaarheden kunnen worden misbruikt door ongeauthenticeerde of hooggeprivilegieerde aanvallers, wat kan leiden tot ongeautoriseerde toegang en gegevensmanipulatie.",
"title": "Interpretaties"
},
{
"category": "description",
"text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.\n\n",
"title": "Oplossingen"
},
{
"category": "general",
"text": "medium",
"title": "Kans"
},
{
"category": "general",
"text": "high",
"title": "Schade"
},
{
"category": "general",
"text": "Improper Input Validation",
"title": "CWE-20"
},
{
"category": "general",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "general",
"text": "Improper Access Control",
"title": "CWE-284"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "cert@ncsc.nl",
"name": "Nationaal Cyber Security Centrum",
"namespace": "https://www.ncsc.nl/"
},
"references": [
{
"category": "external",
"summary": "Reference",
"url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
}
],
"title": "Kwetsbaarheden verholpen in Oracle E-Business Suite",
"tracking": {
"current_release_date": "2026-04-22T12:56:26.266249Z",
"generator": {
"date": "2025-08-04T16:30:00Z",
"engine": {
"name": "V.A.",
"version": "1.3"
}
},
"id": "NCSC-2026-0126",
"initial_release_date": "2026-04-22T12:56:26.266249Z",
"revision_history": [
{
"date": "2026-04-22T12:56:26.266249Z",
"number": "1.0.0",
"summary": "Initiele versie"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-1"
}
}
],
"category": "product_name",
"name": "Oracle Advanced Inbound Telephony"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-2"
}
}
],
"category": "product_name",
"name": "Oracle Advanced Supply Chain Planning"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-3"
}
}
],
"category": "product_name",
"name": "Oracle Applications DBA"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-4"
}
}
],
"category": "product_name",
"name": "Oracle Enterprise Command Center Framework"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-5"
}
}
],
"category": "product_name",
"name": "Oracle Flow Manufacturing"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-6"
}
}
],
"category": "product_name",
"name": "Oracle Global Order Promising"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-7"
}
}
],
"category": "product_name",
"name": "Oracle HCM Common Architecture"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-8"
}
}
],
"category": "product_name",
"name": "Oracle Rapid Planning"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-9"
}
}
],
"category": "product_name",
"name": "Oracle Yard Management"
},
{
"branches": [
{
"category": "product_version_range",
"name": "vers:unknown/*",
"product": {
"name": "vers:unknown/*",
"product_id": "CSAFPID-10"
}
}
],
"category": "product_name",
"name": "Oracle iProcurement"
}
],
"category": "vendor",
"name": "Oracle"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-34275",
"notes": [
{
"category": "description",
"text": "A critical unauthenticated remote code execution vulnerability in Oracle Advanced Inbound Telephony (versions 12.2.3-12.2.15) with a CVSS 3.1 score of 9.8 severely impacts confidentiality, integrity, and availability via HTTP.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34275 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34275.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34275"
},
{
"cve": "CVE-2024-51504",
"cwe": {
"id": "CWE-290",
"name": "Authentication Bypass by Spoofing"
},
"notes": [
{
"category": "other",
"text": "Authentication Bypass by Spoofing",
"title": "CWE-290"
},
{
"category": "description",
"text": "Multiple vulnerabilities in Apache ZooKeeper, including IPAuthenticationProvider spoofing and unauthorized access issues, affect various Oracle and Apache products, allowing authentication bypass, sensitive data exposure, and denial of service.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2024-51504 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2024-51504"
},
{
"cve": "CVE-2025-48734",
"notes": [
{
"category": "description",
"text": "Multiple vulnerabilities in Apache Commons BeanUtils prior to version 1.11.0 and various Oracle and HPE products allow remote attackers to execute arbitrary code or take over systems via HTTP or Java enum declaredClass property access.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-48734 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-48734"
},
{
"cve": "CVE-2026-22011",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle E-Business Suite\u0027s ADPatch component (versions 12.2.3 to 12.2.15) allows a high-privileged attacker with HTTP network access to potentially compromise system confidentiality, integrity, and availability, with a CVSS score of 7.6.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22011 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22011.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-22011"
},
{
"cve": "CVE-2025-58057",
"cwe": {
"id": "CWE-409",
"name": "Improper Handling of Highly Compressed Data (Data Amplification)"
},
"notes": [
{
"category": "other",
"text": "Improper Handling of Highly Compressed Data (Data Amplification)",
"title": "CWE-409"
},
{
"category": "description",
"text": "Multiple denial of service vulnerabilities affect Netty (up to 4.1.124.Final), HPE Telco Intelligent Assurance, and Oracle Communications Cloud Native products due to unbounded buffer allocation and malformed HTTP/2 frames, with CVSS scores up to 7.5.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-58057 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-58057"
},
{
"cve": "CVE-2026-34297",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle HCM Common Architecture versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to gain unauthorized access to critical data, rated with a CVSS 3.1 base score of 7.5 for high confidentiality impact.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34297 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34297.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34297"
},
{
"cve": "CVE-2026-34274",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Configurator within Oracle E-Business Suite versions 12.2.3 to 12.2.15 allows unauthenticated attackers with HTTP network access to perform unauthorized read and write operations, with a CVSS 3.1 base score of 6.1.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34274 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34274.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34274"
},
{
"cve": "CVE-2025-41242",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"notes": [
{
"category": "other",
"text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"title": "CWE-22"
},
{
"category": "description",
"text": "Multiple vulnerabilities in the Spring Framework affect various products including NetApp, Oracle Primavera Unifier, and Oracle Enterprise Command Center Framework, enabling unauthenticated attackers to access or compromise critical data, with severity ranging up to CVSS 5.9.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-41242 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41242.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-41242"
},
{
"cve": "CVE-2026-34302",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Workflow Loader (versions 12.2.3-12.2.15) allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications and cause partial denial of service, with a CVSS 3.1 base score of 5.5.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34302 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34302.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34302"
},
{
"cve": "CVE-2025-31672",
"notes": [
{
"category": "description",
"text": "Apache POI poi-ooxml versions before 5.4.0 contain a vulnerability involving improper input validation of OOXML files with duplicate ZIP entries, affecting multiple products including Oracle and NetApp, allowing unauthenticated attackers to modify data with a CVSS score of 5.3.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-31672 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-31672"
},
{
"cve": "CVE-2025-68161",
"cwe": {
"id": "CWE-297",
"name": "Improper Validation of Certificate with Host Mismatch"
},
"notes": [
{
"category": "other",
"text": "Improper Validation of Certificate with Host Mismatch",
"title": "CWE-297"
},
{
"category": "other",
"text": "Improper Certificate Validation",
"title": "CWE-295"
},
{
"category": "description",
"text": "Multiple vulnerabilities affect Apache Log4j Core (versions 2.0-beta9 to 2.25.2) due to missing TLS hostname verification in the Socket Appender, Oracle Primavera Gateway (versions 21.12.0-21.12.16) with a TLS vulnerability, and IBM Db2 Server (versions 11.5.0-11.5.9 and 12.1.0-12.1.4) with potential data disclosure or modification issues.",
"title": "Summary"
},
{
"category": "general",
"text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"title": "CVSSV4"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68161 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2025-68161"
},
{
"cve": "CVE-2026-34298",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle Applications Framework versions 12.2.9 through 12.2.15 allows a high-privileged attacker with HTTP network access to perform unauthorized data modifications, read access, and partial denial of service, rated CVSS 4.7.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-34298 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-34298.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-34298"
},
{
"cve": "CVE-2026-22014",
"notes": [
{
"category": "description",
"text": "A vulnerability in Oracle E-Business Suite User Management (versions 12.2.7-12.2.15) allows a high-privileged attacker with HTTP network access to read and modify certain accessible data, rated CVSS 3.8.",
"title": "Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-22014 | NCSC-NL Website",
"url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-22014.json"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-1",
"CSAFPID-2",
"CSAFPID-3",
"CSAFPID-4",
"CSAFPID-5",
"CSAFPID-6",
"CSAFPID-7",
"CSAFPID-8",
"CSAFPID-9",
"CSAFPID-10"
]
}
],
"title": "CVE-2026-22014"
}
]
}
OPENSUSE-SU-2025:15175-1
Vulnerability from csaf_opensuse - Published: 2025-05-30 00:00 - Updated: 2025-05-30 00:00Summary
apache-commons-beanutils-1.11.0-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: apache-commons-beanutils-1.11.0-1.1 on GA media
Description of the patch: These are all security issues fixed in the apache-commons-beanutils-1.11.0-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15175
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.8 (High)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "apache-commons-beanutils-1.11.0-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the apache-commons-beanutils-1.11.0-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15175",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15175-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48734 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48734/"
}
],
"title": "apache-commons-beanutils-1.11.0-1.1 on GA media",
"tracking": {
"current_release_date": "2025-05-30T00:00:00Z",
"generator": {
"date": "2025-05-30T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15175-1",
"initial_release_date": "2025-05-30T00:00:00Z",
"revision_history": [
{
"date": "2025-05-30T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-1.11.0-1.1.aarch64",
"product": {
"name": "apache-commons-beanutils-1.11.0-1.1.aarch64",
"product_id": "apache-commons-beanutils-1.11.0-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
"product": {
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
"product_id": "apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-1.11.0-1.1.ppc64le",
"product": {
"name": "apache-commons-beanutils-1.11.0-1.1.ppc64le",
"product_id": "apache-commons-beanutils-1.11.0-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
"product": {
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
"product_id": "apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-1.11.0-1.1.s390x",
"product": {
"name": "apache-commons-beanutils-1.11.0-1.1.s390x",
"product_id": "apache-commons-beanutils-1.11.0-1.1.s390x"
}
},
{
"category": "product_version",
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
"product": {
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
"product_id": "apache-commons-beanutils-javadoc-1.11.0-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "apache-commons-beanutils-1.11.0-1.1.x86_64",
"product": {
"name": "apache-commons-beanutils-1.11.0-1.1.x86_64",
"product_id": "apache-commons-beanutils-1.11.0-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64",
"product": {
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64",
"product_id": "apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.11.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.aarch64"
},
"product_reference": "apache-commons-beanutils-1.11.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.11.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.ppc64le"
},
"product_reference": "apache-commons-beanutils-1.11.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.11.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.s390x"
},
"product_reference": "apache-commons-beanutils-1.11.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-1.11.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.x86_64"
},
"product_reference": "apache-commons-beanutils-1.11.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64"
},
"product_reference": "apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le"
},
"product_reference": "apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.s390x"
},
"product_reference": "apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64"
},
"product_reference": "apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-48734",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48734"
}
],
"notes": [
{
"category": "general",
"text": "Improper Access Control vulnerability in Apache Commons.\n\n\n\nA special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default.\n\n\n\n\n\nReleases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum\u0027s class loader via the \"declaredClass\" property available on all Java \"enum\" objects. Accessing the enum\u0027s \"declaredClass\" allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty().\nStarting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the \"declaredClass\" property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user\u0027s guide and the unit tests.\n\nThis issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2.Users of the artifact commons-beanutils:commons-beanutils\n\n 1.x are recommended to upgrade to version 1.11.0, which fixes the issue.\n\n\nUsers of the artifact org.apache.commons:commons-beanutils2\n\n 2.x are recommended to upgrade to version 2.0.0-M2, which fixes the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.x86_64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48734",
"url": "https://www.suse.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "SUSE Bug 1243793 for CVE-2025-48734",
"url": "https://bugzilla.suse.com/1243793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.x86_64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-1.11.0-1.1.x86_64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.aarch64",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.ppc64le",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.s390x",
"openSUSE Tumbleweed:apache-commons-beanutils-javadoc-1.11.0-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-05-30T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-48734"
}
]
}
RHSA-2025:10452
Vulnerability from csaf_redhat - Published: 2025-07-07 13:32 - Updated: 2026-06-01 17:21Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)
* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)
* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)
* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)
* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
6.2 (Medium)
Affected products
Fixed
75 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
No description is available for this CVE.
0.0 (None)
Affected products
Fixed
75 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.
CWE-400 - Uncontrolled Resource ConsumptionAffected products
Fixed
75 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.
7.5 (High)
Affected products
Fixed
75 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().
8.8 (High)
Affected products
Fixed
75 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
54 references
Acknowledgments
Pupi1
ING Hubs Poland
Mateusz "MaTTallica" Klement
Łukasz Rupala
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10452",
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7120566",
"url": "https://access.redhat.com/articles/7120566"
},
{
"category": "external",
"summary": "2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "2363176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "JBEAP-28866",
"url": "https://issues.redhat.com/browse/JBEAP-28866"
},
{
"category": "external",
"summary": "JBEAP-28992",
"url": "https://issues.redhat.com/browse/JBEAP-28992"
},
{
"category": "external",
"summary": "JBEAP-29252",
"url": "https://issues.redhat.com/browse/JBEAP-29252"
},
{
"category": "external",
"summary": "JBEAP-29257",
"url": "https://issues.redhat.com/browse/JBEAP-29257"
},
{
"category": "external",
"summary": "JBEAP-29530",
"url": "https://issues.redhat.com/browse/JBEAP-29530"
},
{
"category": "external",
"summary": "JBEAP-29679",
"url": "https://issues.redhat.com/browse/JBEAP-29679"
},
{
"category": "external",
"summary": "JBEAP-29691",
"url": "https://issues.redhat.com/browse/JBEAP-29691"
},
{
"category": "external",
"summary": "JBEAP-29692",
"url": "https://issues.redhat.com/browse/JBEAP-29692"
},
{
"category": "external",
"summary": "JBEAP-29806",
"url": "https://issues.redhat.com/browse/JBEAP-29806"
},
{
"category": "external",
"summary": "JBEAP-29863",
"url": "https://issues.redhat.com/browse/JBEAP-29863"
},
{
"category": "external",
"summary": "JBEAP-29867",
"url": "https://issues.redhat.com/browse/JBEAP-29867"
},
{
"category": "external",
"summary": "JBEAP-29984",
"url": "https://issues.redhat.com/browse/JBEAP-29984"
},
{
"category": "external",
"summary": "JBEAP-29999",
"url": "https://issues.redhat.com/browse/JBEAP-29999"
},
{
"category": "external",
"summary": "JBEAP-30087",
"url": "https://issues.redhat.com/browse/JBEAP-30087"
},
{
"category": "external",
"summary": "JBEAP-30151",
"url": "https://issues.redhat.com/browse/JBEAP-30151"
},
{
"category": "external",
"summary": "JBEAP-30157",
"url": "https://issues.redhat.com/browse/JBEAP-30157"
},
{
"category": "external",
"summary": "JBEAP-30263",
"url": "https://issues.redhat.com/browse/JBEAP-30263"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10452.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update",
"tracking": {
"current_release_date": "2026-06-01T17:21:28+00:00",
"generator": {
"date": "2026-06-01T17:21:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:10452",
"initial_release_date": "2025-07-07T13:32:31+00:00",
"revision_history": [
{
"date": "2025-07-07T13:32:31+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-07T13:32:31+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-01T17:21:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"product": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"product": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"product": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"product": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"product": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el8eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"product": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el8eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron-tool@2.2.11-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-core@6.2.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-envers@6.2.36-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j-dom@0.8.12-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j-storage@0.8.12-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j-api@2.0.17-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@800.8.0-1.GA_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-cli@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-commons@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-core-client@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-dto@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hornetq-protocol@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hqclient-protocol@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-client@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-ra@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-server@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-service-extensions@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jdbc-store@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-journal@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-selector@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product": {
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_id": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-server@2.33.0-3.redhat_00017.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jbosstxbridge@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jbossxts@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jts-idlj@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jts-integration@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-api@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-bridge@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-integration@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-util@6.0.6-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-rt@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-services@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-tools@4.0.6-2.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product": {
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product_id": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity-engine-core@2.3.0-4.redhat_00010.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"product": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"product": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_id": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk11@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_id": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_id": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product": {
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_id": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.0.8-4.GA_redhat_00006.1.el8eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src"
},
"product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch"
},
"product_reference": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src"
},
"product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch"
},
"product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src"
},
"product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch"
},
"product_reference": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src"
},
"product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 8",
"product_id": "8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
},
"product_reference": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"relates_to_product_reference": "8Base-JBEAP-8.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Pupi1"
]
}
],
"cve": "CVE-2025-2251",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-03-12T13:33:14.782000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351678"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2251"
},
{
"category": "external",
"summary": "RHBZ#2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
}
],
"release_date": "2025-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:32:31+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
},
{
"acknowledgments": [
{
"names": [
"Mateusz \"MaTTallica\" Klement",
"\u0141ukasz Rupala"
],
"organization": "ING Hubs Poland"
}
],
"cve": "CVE-2025-2901",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-03-28T06:08:36.048000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355685"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2901"
},
{
"category": "external",
"summary": "RHBZ#2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
}
],
"release_date": "2025-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:32:31+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-21T10:00:44.959656+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23184"
},
{
"category": "external",
"summary": "RHBZ#2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"release_date": "2025-01-21T09:35:37.468000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:32:31+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
},
{
"cve": "CVE-2025-27611",
"cwe": {
"id": "CWE-1007",
"name": "Insufficient Visual Distinction of Homoglyphs Presented to User"
},
"discovery_date": "2025-04-30T20:00:45.852222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2363176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in base-x is Important because it affects the encoding and decoding of addresses in blockchain transactions. The flaw arises from mishandling of leading zero compression, enabling attackers to craft malicious encodings that deceive systems or users into misdirecting funds. As blockchain transactions are final and cannot be reversed, even a single instance of this exploit can result in permanent financial loss, making this a serious security concern beyond a Moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27611"
},
{
"category": "external",
"summary": "RHBZ#2363176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27611",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27611"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611"
},
{
"category": "external",
"summary": "https://github.com/cryptocoinjs/base-x/pull/86",
"url": "https://github.com/cryptocoinjs/base-x/pull/86"
},
{
"category": "external",
"summary": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p",
"url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"
}
],
"release_date": "2025-04-30T19:36:57.356000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:32:31+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation."
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:32:31+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10452"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap.src",
"8Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch",
"8Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el8eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
}
]
}
RHSA-2025:10453
Vulnerability from csaf_redhat - Published: 2025-07-07 13:27 - Updated: 2026-06-01 17:21Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update
Severity
Important
Notes
Topic: A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)
* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)
* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)
* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)
* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default [eap-8.0.z] (CVE-2025-48734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
6.2 (Medium)
Affected products
Fixed
75 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
No description is available for this CVE.
0.0 (None)
Affected products
Fixed
75 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.
CWE-400 - Uncontrolled Resource ConsumptionAffected products
Fixed
75 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.
7.5 (High)
Affected products
Fixed
75 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().
8.8 (High)
Affected products
Fixed
75 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
|
| Unresolved product id: 9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch | — |
Vendor Fix
fix
|
Threats
Impact
Important
References
54 references
Acknowledgments
Pupi1
ING Hubs Poland
Mateusz "MaTTallica" Klement
Łukasz Rupala
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.8 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.7, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.8 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* org.jboss.hal-hal-parent: base-x homograph attack allows Unicode lookalike characters to bypass validation. [eap-8.0.z] (CVE-2025-27611)\n\n* org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console [eap-8.0.z] (CVE-2025-2901)\n\n* wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution [eap-8.0.z] (CVE-2025-2251)\n\n* org.apache.cxf/cxf-core: Apache CXF: Denial of Service vulnerability with temporary files [eap-8.0.z] (CVE-2025-23184)\n\n* commons-beanutils-commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils-core: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* org.jboss.eap-jboss-eap-xp: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\n* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default [eap-8.0.z] (CVE-2025-48734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10453",
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0",
"url": "https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/7120566",
"url": "https://access.redhat.com/articles/7120566"
},
{
"category": "external",
"summary": "2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "2363176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
},
{
"category": "external",
"summary": "2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "JBEAP-28866",
"url": "https://issues.redhat.com/browse/JBEAP-28866"
},
{
"category": "external",
"summary": "JBEAP-28992",
"url": "https://issues.redhat.com/browse/JBEAP-28992"
},
{
"category": "external",
"summary": "JBEAP-29253",
"url": "https://issues.redhat.com/browse/JBEAP-29253"
},
{
"category": "external",
"summary": "JBEAP-29257",
"url": "https://issues.redhat.com/browse/JBEAP-29257"
},
{
"category": "external",
"summary": "JBEAP-29530",
"url": "https://issues.redhat.com/browse/JBEAP-29530"
},
{
"category": "external",
"summary": "JBEAP-29679",
"url": "https://issues.redhat.com/browse/JBEAP-29679"
},
{
"category": "external",
"summary": "JBEAP-29691",
"url": "https://issues.redhat.com/browse/JBEAP-29691"
},
{
"category": "external",
"summary": "JBEAP-29692",
"url": "https://issues.redhat.com/browse/JBEAP-29692"
},
{
"category": "external",
"summary": "JBEAP-29806",
"url": "https://issues.redhat.com/browse/JBEAP-29806"
},
{
"category": "external",
"summary": "JBEAP-29863",
"url": "https://issues.redhat.com/browse/JBEAP-29863"
},
{
"category": "external",
"summary": "JBEAP-29867",
"url": "https://issues.redhat.com/browse/JBEAP-29867"
},
{
"category": "external",
"summary": "JBEAP-29984",
"url": "https://issues.redhat.com/browse/JBEAP-29984"
},
{
"category": "external",
"summary": "JBEAP-29999",
"url": "https://issues.redhat.com/browse/JBEAP-29999"
},
{
"category": "external",
"summary": "JBEAP-30087",
"url": "https://issues.redhat.com/browse/JBEAP-30087"
},
{
"category": "external",
"summary": "JBEAP-30151",
"url": "https://issues.redhat.com/browse/JBEAP-30151"
},
{
"category": "external",
"summary": "JBEAP-30157",
"url": "https://issues.redhat.com/browse/JBEAP-30157"
},
{
"category": "external",
"summary": "JBEAP-30263",
"url": "https://issues.redhat.com/browse/JBEAP-30263"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10453.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.8 Security update",
"tracking": {
"current_release_date": "2026-06-01T17:21:30+00:00",
"generator": {
"date": "2026-06-01T17:21:30+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.1"
}
},
"id": "RHSA-2025:10453",
"initial_release_date": "2025-07-07T13:27:47+00:00",
"revision_history": [
{
"date": "2025-07-07T13:27:47+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-07T13:27:47+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-06-01T17:21:30+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product": {
"name": "Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Enterprise Application Platform"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"product": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"product": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"product": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"product": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"product": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el9eap?arch=src"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"product": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el9eap?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jboss-remoting@5.0.31-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-elytron-web@4.0.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-elytron-tool@2.2.11-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate@6.2.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-core@6.2.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hibernate-envers@6.2.36-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-fastinfoset@2.1.1-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j@0.8.12-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j-dom@0.8.12-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-mime4j-storage@0.8.12-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j@2.0.17-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-slf4j-api@2.0.17-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.8.0-1.GA_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-eap-product-conf-wildfly-ee-feature-pack@800.8.0-1.GA_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-cli@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-commons@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-core-client@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-dto@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hornetq-protocol@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-hqclient-protocol@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-client@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-ra@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-server@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jakarta-service-extensions@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-jdbc-store@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-journal@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-selector@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product": {
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_id": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-activemq-artemis-server@2.33.0-3.redhat_00017.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jbosstxbridge@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jbossxts@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jts-idlj@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-jts-integration@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-api@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-bridge@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-integration@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-narayana-restat-util@6.0.6-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-rt@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-services@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-cxf-tools@4.0.6-2.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-jbossws-cxf@7.3.3-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_id": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-hal-console@3.6.24-1.Final_redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-reactivex-rxjava2@2.2.21-3.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product_id": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity@2.3.0-4.redhat_00010.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product": {
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product_id": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-velocity-engine-core@2.3.0-4.redhat_00010.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"product_id": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-httpcomponents-asyncclient@4.1.5-4.redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"product": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"product_id": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-apache-commons-beanutils@1.11.0-1.redhat_00001.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"product": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"product_id": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-neethi@3.2.1-1.redhat_00002.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_id": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_id": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk11@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_id": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk17@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_id": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-java-jdk21@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product": {
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_id": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/eap8-wildfly-modules@8.0.8-4.GA_redhat_00006.1.el9eap?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src"
},
"product_reference": "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch"
},
"product_reference": "eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src"
},
"product_reference": "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src"
},
"product_reference": "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch"
},
"product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src"
},
"product_reference": "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch"
},
"product_reference": "eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src"
},
"product_reference": "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src"
},
"product_reference": "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch as a component of Red Hat JBoss EAP 8.0 for RHEL 9",
"product_id": "9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
},
"product_reference": "eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"relates_to_product_reference": "9Base-JBEAP-8.0"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Pupi1"
]
}
],
"cve": "CVE-2025-2251",
"cwe": {
"id": "CWE-502",
"name": "Deserialization of Untrusted Data"
},
"discovery_date": "2025-03-12T13:33:14.782000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2351678"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2251"
},
{
"category": "external",
"summary": "RHBZ#2351678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2351678"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2251",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2251"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2251"
}
],
"release_date": "2025-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:27:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution"
},
{
"acknowledgments": [
{
"names": [
"Mateusz \"MaTTallica\" Klement",
"\u0141ukasz Rupala"
],
"organization": "ING Hubs Poland"
}
],
"cve": "CVE-2025-2901",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"discovery_date": "2025-03-28T06:08:36.048000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2355685"
}
],
"notes": [
{
"category": "description",
"text": "No description is available for this CVE.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This CVE has been marked as Rejected by the assigning CNA.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-2901"
},
{
"category": "external",
"summary": "RHBZ#2355685",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2355685"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-2901",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-2901"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-2901"
}
],
"release_date": "2025-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:27:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
},
{
"category": "workaround",
"details": "Currently, no mitigation is available for this vulnerability.",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console"
},
{
"cve": "CVE-2025-23184",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2025-01-21T10:00:44.959656+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2339095"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-23184"
},
{
"category": "external",
"summary": "RHBZ#2339095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2339095"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-23184",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23184"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122",
"url": "https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122"
}
],
"release_date": "2025-01-21T09:35:37.468000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:27:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files"
},
{
"cve": "CVE-2025-27611",
"cwe": {
"id": "CWE-1007",
"name": "Insufficient Visual Distinction of Homoglyphs Presented to User"
},
"discovery_date": "2025-04-30T20:00:45.852222+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2363176"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in base-x. This vulnerability allows attackers to generate addresses that appear legitimate, tricking users into sending money to them instead of the intended ones. The problem arises from the way base-x compresses leading zeros in addresses via manipulation of the base encoding mechanism.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in base-x is Important because it affects the encoding and decoding of addresses in blockchain transactions. The flaw arises from mishandling of leading zero compression, enabling attackers to craft malicious encodings that deceive systems or users into misdirecting funds. As blockchain transactions are final and cannot be reversed, even a single instance of this exploit can result in permanent financial loss, making this a serious security concern beyond a Moderate issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-27611"
},
{
"category": "external",
"summary": "RHBZ#2363176",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2363176"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-27611",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-27611"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27611"
},
{
"category": "external",
"summary": "https://github.com/cryptocoinjs/base-x/pull/86",
"url": "https://github.com/cryptocoinjs/base-x/pull/86"
},
{
"category": "external",
"summary": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p",
"url": "https://github.com/cryptocoinjs/base-x/security/advisories/GHSA-xq7p-g2vc-g82p"
}
],
"release_date": "2025-04-30T19:36:57.356000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:27:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
},
{
"category": "workaround",
"details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation."
},
{
"cve": "CVE-2025-48734",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2025-05-28T14:00:56.619771+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368956"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Apache Commons BeanUtils. This vulnerability allows remote attackers to execute arbitrary code via uncontrolled access to the declaredClass property on Java enum objects, which can expose the class loader when property paths are passed from external sources to methods like getProperty() or getNestedProperty().",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated as important severity because a flaw exists in Apache Commons BeanUtils, where PropertyUtilsBean and BeanUtilsBean allow uncontrolled access to the declaredClass property of Java enum objects. Applications that pass untrusted property paths directly to getProperty() or getNestedProperty() methods are at risk, as attackers can exploit this behavior to retrieve the ClassLoader instance and execute arbitrary code in the context of the affected application. This issue leads to compromise of confidentiality, integrity, and availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-48734"
},
{
"category": "external",
"summary": "RHBZ#2368956",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368956"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-48734",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-48734"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48734"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9",
"url": "https://github.com/advisories/GHSA-wxr5-93ph-8wr9"
},
{
"category": "external",
"summary": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc",
"url": "https://github.com/apache/commons-beanutils/commit/28ad955a1613ed5885870cc7da52093c1ce739dc"
},
{
"category": "external",
"summary": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9",
"url": "https://lists.apache.org/thread/s0hb3jkfj5f3ryx6c57zqtfohb0of1g9"
},
{
"category": "external",
"summary": "https://www.openwall.com/lists/oss-security/2025/05/28/6",
"url": "https://www.openwall.com/lists/oss-security/2025/05/28/6"
}
],
"release_date": "2025-05-28T13:32:08.300000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-07T13:27:47+00:00",
"details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258",
"product_ids": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10453"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-activemq-artemis-cli-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-commons-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-core-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-dto-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hornetq-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-hqclient-protocol-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-client-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-ra-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jakarta-service-extensions-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-jdbc-store-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-journal-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-selector-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-activemq-artemis-server-0:2.33.0-3.redhat_00017.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-cxf-rt-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-services-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-cxf-tools-0:4.0.6-2.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-apache-mime4j-dom-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-apache-mime4j-storage-0:0.8.12-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-eap-product-conf-wildfly-ee-feature-pack-0:800.8.0-1.GA_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-hibernate-core-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-hibernate-envers-0:6.2.36-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-narayana-jbosstxbridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jbossxts-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-idlj-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-jts-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-api-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-bridge-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-integration-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-narayana-restat-util-0:6.0.6-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-slf4j-api-0:2.0.17-1.redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-velocity-engine-core-0:2.3.0-4.redhat_00010.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap.src",
"9Base-JBEAP-8.0:eap8-wildfly-elytron-tool-0:2.2.11-1.Final_redhat_00001.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk11-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk17-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-java-jdk21-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch",
"9Base-JBEAP-8.0:eap8-wildfly-modules-0:8.0.8-4.GA_redhat_00006.1.el9eap.noarch"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum\u0027s declaredClass property by default"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…