Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.11 Security update
CVE IDs covered (14)
Description
- CVE-2021-3859 — undertow: client side invocation timeout raised when calling over HTTP2
- CVE-2021-4104 — log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
- CVE-2022-23221 — h2: Loading of custom classes from remote servers through JNDI
- CVE-2022-23305 — log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
- CVE-2022-23307 — log4j: Unsafe deserialization flaw in Chainsaw log viewer
- CVE-2022-34169 — OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407)
- CVE-2022-41853 — hsqldb: Untrusted input may lead to RCE attack
- CVE-2022-46364 — CXF: SSRF Vulnerability
- CVE-2023-3171 — eap-7: heap exhaustion via deserialization
- CVE-2023-5685 — xnio: StackOverflowException when the chain of notifier states becomes problematically big
- CVE-2023-26464 — log4j1-socketappender: DoS via hashmap logging
- CVE-2023-39410 — apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK
- CVE-2024-28752 — cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding
- CVE-2024-47561 — apache-avro: Schema parsing may trigger Remote Code Execution (RCE)
References (20)
- self: https://access.redhat.com/errata/RHSA-2024:10207
- external: https://access.redhat.com/security/updates/classification/#important
- external: https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3
- external: https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2010378
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2031667
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2041959
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2041967
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2044596
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2108554
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2136141
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2155682
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2182864
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2213639
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2241822
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2242521
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2270732
- external: https://bugzilla.redhat.com/show_bug.cgi?id=2316116
- external: https://issues.redhat.com/browse/JBEAP-23025
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_10207.json