RHSA-2026:6011CriticalCVSS 8.3
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.17 security update
🔗 CVE IDs covered (4)
📋 Description
CVE-2024-3884 — undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded CVE-2025-4949 — org.eclipse.jgit: XXE vulnerability in Eclipse JGit CVE-2025-48913 — org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability CVE-2026-0603 — org.hibernate/hibernate-core: Hibernate: Information disclosure and data deletion via second-order SQL injection
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2026:6011
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index
- externalhttps://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2275287
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2367730
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2387221
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2427147
- externalhttps://issues.redhat.com/browse/JBEAP-31431
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6011.json