{ "threat_severity" : "Important", "public_date" : "2024-02-11T00:00:00Z", "bugzilla" : { "description" : "nimbus-jose-jwt: large JWE p2c header value causes Denial of Service", "id" : "2309764", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2309764" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.", "A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability." ], "affected_release" : [ { "product_name" : "Red Hat build of Apache Camel 3.20.7 for Spring Boot", "release_date" : "2024-09-19T00:00:00Z", "advisory" : "RHSA-2024:6883", "cpe" : "cpe:/a:redhat:apache_camel_spring_boot:3.20.7", "package" : "com.nimbusds/nimbus-jose-jwt" }, { "product_name" : "Red Hat build of Apache Camel 4.4.3 for Spring Boot", "release_date" : "2024-10-14T00:00:00Z", "advisory" : "RHSA-2024:8064", "cpe" : "cpe:/a:redhat:apache_camel_spring_boot:4.4.3", "package" : "com.nimbusds/nimbus-jose-jwt" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8826", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "package" : "nimbus-jose-jwt" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-activemq-artemis-0:2.33.0-1.redhat_00015.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-activemq-artemis-native-1:2.0.0-2.redhat_00005.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-aesh-extensions-0:1.8.0-2.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-aesh-readline-0:2.2.0-2.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-commons-codec-0:1.16.1-2.redhat_00007.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-commons-collections-0:3.2.2-28.redhat_2.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-commons-io-0:2.15.1-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-commons-lang-0:3.14.0-2.redhat_00006.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-cxf-0:4.0.5-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-artemis-native-1:2.0.0-2.redhat_00005.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-artemis-wildfly-integration-0:2.0.1-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-asyncutil-0:0.1.0-2.redhat_00010.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-aws-java-sdk-0:1.12.284-2.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-cryptacular-0:1.2.5-2.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-eap-product-conf-parent-0:800.4.0-1.GA_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-fastinfoset-0:2.1.0-4.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-hibernate-0:6.2.31-1.Final_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-hibernate-validator-0:8.0.1-3.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-hppc-0:0.8.1-2.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-insights-java-client-0:1.1.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jakarta-servlet-jsp-jstl-api-0:3.0.1-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jboss-logging-0:3.5.3-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jctools-0:4.0.2-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jgroups-0:5.3.10-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-log4j-0:2.22.1-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-narayana-0:6.0.3-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-nimbus-jose-jwt-0:9.37.3-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-objectweb-asm-0:9.6.0-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-pem-keystore-0:2.3.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-resteasy-extensions-0:2.0.1-3.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-resteasy-spring-0:3.0.1-2.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-saaj-impl-0:3.0.4-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-shibboleth-java-support-0:8.0.0-6.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-slf4j-0:2.0.16-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-snakeyaml-0:2.2.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8823", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-wildfly-0:8.0.4-2.GA_redhat_00005.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-activemq-artemis-0:2.33.0-1.redhat_00015.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-activemq-artemis-native-1:2.0.0-2.redhat_00005.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-aesh-extensions-0:1.8.0-2.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-aesh-readline-0:2.2.0-2.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-commons-codec-0:1.16.1-2.redhat_00007.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-commons-collections-0:3.2.2-28.redhat_2.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-commons-io-0:2.15.1-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-commons-lang-0:3.14.0-2.redhat_00006.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-cxf-0:4.0.5-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-artemis-native-1:2.0.0-2.redhat_00005.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-artemis-wildfly-integration-0:2.0.1-1.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-asyncutil-0:0.1.0-2.redhat_00010.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-aws-java-sdk-0:1.12.284-2.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-cryptacular-0:1.2.5-2.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-eap-product-conf-parent-0:800.4.0-1.GA_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-fastinfoset-0:2.1.0-4.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-hibernate-0:6.2.31-1.Final_redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-hibernate-validator-0:8.0.1-3.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-hppc-0:0.8.1-2.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-insights-java-client-0:1.1.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jakarta-servlet-jsp-jstl-api-0:3.0.1-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jboss-cert-helper-0:1.1.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jboss-logging-0:3.5.3-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jctools-0:4.0.2-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jgroups-0:5.3.10-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-log4j-0:2.22.1-1.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-narayana-0:6.0.3-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-nimbus-jose-jwt-0:9.37.3-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-objectweb-asm-0:9.6.0-1.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-pem-keystore-0:2.3.0-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-resteasy-extensions-0:2.0.1-3.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-resteasy-spring-0:3.0.1-2.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-saaj-impl-0:3.0.4-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-shibboleth-java-support-0:8.0.0-6.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-slf4j-0:2.0.16-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-snakeyaml-0:2.2.0-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2024-11-04T00:00:00Z", "advisory" : "RHSA-2024:8824", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-wildfly-0:8.0.4-2.GA_redhat_00005.1.el9eap" }, { "product_name" : "Streams for Apache Kafka 2.9.0", "release_date" : "2025-03-05T00:00:00Z", "advisory" : "RHSA-2025:2416", "cpe" : "cpe:/a:redhat:amq_streams:2" } ], "package_state" : [ { "product_name" : "Cryostat 3", "fix_state" : "Not affected", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:cryostat:3" }, { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Affected", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Will not fix", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat build of Apache Camel 4 for Quarkus 3", "fix_state" : "Not affected", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:camel_quarkus:3" }, { "product_name" : "Red Hat build of Apache Camel for Spring Boot 3", "fix_state" : "Affected", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:camel_spring_boot:3" }, { "product_name" : "Red Hat build of Apache Camel - HawtIO 4", "fix_state" : "Affected", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:apache_camel_hawtio:4" }, { "product_name" : "Red Hat build of Apicurio Registry 2", "fix_state" : "Affected", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:service_registry:2" }, { "product_name" : "Red Hat Build of Keycloak", "fix_state" : "Not affected", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:build_keycloak:" }, { "product_name" : "Red Hat build of Quarkus", "fix_state" : "Not affected", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:quarkus:3" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Will not fix", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Not affected", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Will not fix", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Affected", "package_name" : "nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Affected", "package_name" : "nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "streams for Apache Kafka", "fix_state" : "Will not fix", "package_name" : "com.nimbusds/nimbus-jose-jwt", "cpe" : "cpe:/a:redhat:amq_streams:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-52428\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-52428" ], "name" : "CVE-2023-52428", "csaw" : false }