{ "threat_severity" : "Low", "public_date" : "2025-01-21T09:35:37Z", "bugzilla" : { "description" : "org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files", "id" : "2339095", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2339095" }, "cvss3" : { "cvss3_base_score" : "3.7", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "status" : "verified" }, "cwe" : "CWE-400", "details" : [ "A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).", "A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service." ], "affected_release" : [ { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4.23", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10931", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "package" : "org.apache.cxf/cxf-core" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10925", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "package" : "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10926", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "package" : "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-activemq-artemis-0:2.16.0-21.redhat_00055.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-apache-cxf-0:3.5.10-1.redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-artemis-native-1:1.0.2-5.redhat_00004.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-elytron-web-0:1.9.6-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-glassfish-jsf-0:2.3.14-9.SP10_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-hal-console-0:3.3.27-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-hibernate-validator-0:6.0.23-3.SP2_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-ironjacamar-0:1.5.21-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jboss-server-migration-0:1.10.0-42.Final_redhat_00042.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-jbossws-cxf-0:5.4.15-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-0:7.4.23-3.GA_redhat_00002.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7", "release_date" : "2025-07-14T00:00:00Z", "advisory" : "RHSA-2025:10924", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "package" : "eap7-wildfly-elytron-0:1.15.26-1.Final_redhat_00001.1.el7eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0.8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10459", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "org.apache.cxf/cxf-core" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-neethi-0:3.2.1-1.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-velocity-0:2.3.0-4.redhat_00010.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10452", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "package" : "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el8eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-activemq-artemis-0:2.33.0-3.redhat_00017.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-commons-beanutils-0:1.11.0-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-cxf-0:4.0.6-2.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-apache-mime4j-0:0.8.12-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-eap-product-conf-parent-0:800.8.0-1.GA_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-elytron-web-0:4.0.3-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-fastinfoset-0:2.1.1-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-hal-console-0:3.6.24-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-hibernate-0:6.2.36-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-httpcomponents-asyncclient-0:4.1.5-4.redhat_00006.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jboss-remoting-0:5.0.31-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-jbossws-cxf-0:7.3.3-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-narayana-0:6.0.6-1.Final_redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-neethi-0:3.2.1-1.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-reactivex-rxjava2-0:2.2.21-3.redhat_00002.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-slf4j-0:2.0.17-1.redhat_00001.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-velocity-0:2.3.0-4.redhat_00010.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-wildfly-0:8.0.8-4.GA_redhat_00006.1.el9eap" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9", "release_date" : "2025-07-07T00:00:00Z", "advisory" : "RHSA-2025:10453", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "package" : "eap8-wildfly-elytron-0:2.2.11-1.Final_redhat_00001.1.el9eap" } ], "package_state" : [ { "product_name" : "Logging Subsystem for Red Hat OpenShift", "fix_state" : "Fix deferred", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:logging:5" }, { "product_name" : "Red Hat build of Apache Camel 4 for Quarkus 3", "fix_state" : "Fix deferred", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:camel_quarkus:3" }, { "product_name" : "Red Hat build of Apache Camel for Spring Boot 4", "fix_state" : "Fix deferred", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:camel_spring_boot:4" }, { "product_name" : "Red Hat Build of Keycloak", "fix_state" : "Fix deferred", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:build_keycloak:" }, { "product_name" : "Red Hat build of Quarkus", "fix_state" : "Fix deferred", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:quarkus:3" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Out of support scope", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Integration Camel K 1", "fix_state" : "Fix deferred", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:integration:1" }, { "product_name" : "Red Hat JBoss Data Grid 7", "fix_state" : "Fix deferred", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:jboss_data_grid:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Fix deferred", "package_name" : "org.jboss.eap-jboss-eap-xp", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Fix deferred", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Fix deferred", "package_name" : "org.jboss.eap-jboss-eap-xp", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Fix deferred", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Fix deferred", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "streams for Apache Kafka", "fix_state" : "Fix deferred", "package_name" : "org.apache.cxf/cxf-core", "cpe" : "cpe:/a:redhat:amq_streams:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-23184\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-23184\nhttps://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122" ], "name" : "CVE-2025-23184", "csaw" : false }