RHSA-2025:4437HighCVSS 7.5
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.13 security update
🔗 CVE IDs covered (8)
📋 Description
CVE-2022-0084 — xnio: org.xnio.StreamConnection.notifyReadClosed log to debug instead of stderr CVE-2022-23913 — artemis-commons: Apache ActiveMQ Artemis DoS CVE-2022-24785 — Moment.js: Path traversal in moment.locale CVE-2022-25647 — com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-40149 — jettison: parser crash by stackoverflow CVE-2022-40150 — jettison: memory exhaustion via user-supplied XML or JSON data CVE-2022-40152 — woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks
🔗 References (15)
- selfhttps://access.redhat.com/errata/RHSA-2025:4437
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index
- externalhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2063601
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2064226
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2072009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2080850
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2126789
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134291
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135770
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2135771
- externalhttps://issues.redhat.com/browse/JBEAP-29297
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4437.json