RHSA-2025:9582HighCVSS 7.5

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.11 on RHEL 7 security update

Published
June 25, 2025
Last Modified
June 26, 2026

🔗 CVE IDs covered (14)

📋 Description

CVE-2020-10740 — wildfly: unsafe deserialization in Wildfly Enterprise Java Beans CVE-2020-13949 — libthrift: potential DoS when processing untrusted payloads CVE-2020-25638 — hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used CVE-2020-25644 — wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL CVE-2020-27782 — undertow: special character in query results in server errors CVE-2020-36518 — jackson-databind: denial of service via a large depth of nested objects CVE-2021-28170 — jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate CVE-2021-37136 — netty-codec: Bzip2Decoder doesn't allow setting size restrictions for decompressed data CVE-2021-37137 — netty-codec: SnappyFrameDecoder doesn't restrict chunk length and may buffer skippable chunks in an unnecessary way CVE-2022-1259 — undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629) CVE-2022-3143 — wildfly-elytron: possible timing attacks via use of unsafe comparator CVE-2022-4492 — undertow: Server identity in https connection is not checked by the undertow client CVE-2023-5379 — undertow: AJP Request closes connection exceeding maxRequestSize CVE-2024-1233 — EAP: wildfly-elytron has a SSRF security issue

🔗 References (21)