{"id":"RHSA-2025:4226","summary":"Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.1.10 on RHEL 7 security update","modified":"2026-04-02T10:14:11Z","published":"2025-04-28T10:03:38Z","upstream":["CVE-2021-3690","CVE-2021-37714","CVE-2021-3859","CVE-2021-40690","CVE-2022-0084","CVE-2022-1319","CVE-2022-2053","CVE-2022-23913","CVE-2022-24785","CVE-2022-25647","CVE-2022-25857","CVE-2022-40149","CVE-2022-40152","CVE-2023-1108","CVE-2023-1973","CVE-2023-3223","CVE-2024-1635"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2025:4226"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/#important"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1"},{"type":"ARTICLE","url":"https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.1/html-single/installation_guide/index"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991299"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995259"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2010378"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2011190"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2063601"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064226"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2072009"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2073890"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2080850"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2095862"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2126789"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2134291"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2135771"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2174246"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2185662"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2209689"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2264928"},{"type":"ARTICLE","url":"https://issues.redhat.com/browse/JBEAP-29286"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_4226.json"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-3690"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-3690"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3690"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-3859"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-3859"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3859"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-37714"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-37714"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-37714"},{"type":"ARTICLE","url":"https://github.com/jhy/jsoup/security/advisories/GHSA-m72m-mhq2-9p6c"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-40690"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-40690"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40690"},{"type":"ARTICLE","url":"https://lists.apache.org/thread.html/r8848751b6a5dd78cc9e99d627e74fecfaffdfa1bb615dce827aad633%40%3Cdev.santuario.apache.org%3E"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-0084"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-0084"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0084"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-1319"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-1319"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-1319"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-2053"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-2053"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-2053"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-23913"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-23913"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23913"},{"type":"ARTICLE","url":"https://lists.apache.org/thread/fjynj57rd99s814rdn5hzvmx8lz403q2"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-24785"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-24785"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24785"},{"type":"ARTICLE","url":"https://github.com/moment/moment/security/advisories/GHSA-8hfj-j24r-96c4"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-25647"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-25647"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25647"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-25857"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-25857"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-25857"},{"type":"ARTICLE","url":"https://bitbucket.org/snakeyaml/snakeyaml/issues/525"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-40149"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-40149"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40149"},{"type":"ARTICLE","url":"https://github.com/jettison-json/jettison/releases/tag/jettison-1.5.1"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-40152"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-40152"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-40152"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-3f7h-mf4q-vrm4"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-1108"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-1108"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1108"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-m4mm-pg93-fv78"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-1973"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-1973"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-1973"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-3223"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-3223"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-3223"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-1635"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-1635"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-1635"}],"affected":[{"package":{"name":"eap7-activemq-artemis","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-cli","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-cli"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-commons","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-commons"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-core-client","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-core-client"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-dto","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-dto"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-hornetq-protocol","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-hornetq-protocol"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-hqclient-protocol","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-hqclient-protocol"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-jdbc-store","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-jdbc-store"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-jms-client","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-jms-client"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-jms-server","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-jms-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-journal","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-journal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-native","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-native"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-ra","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-ra"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-selector","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-selector"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-server","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-server"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-activemq-artemis-service-extensions","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-activemq-artemis-service-extensions"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-artemis-native","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-artemis-native"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-artemis-native-debuginfo","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-artemis-native-debuginfo"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-artemis-native-wildfly","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-artemis-native-wildfly"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.5.5.016-1.redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-jboss-xnio-base","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-jboss-xnio-base"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.11-1.Final_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-jsoup","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-jsoup"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.14.2-1.redhat_00002.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-undertow","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-undertow"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.18-14.SP13_redhat_00001.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-wildfly","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-wildfly"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.1.10-2.GA_redhat_00002.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-wildfly-modules","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-wildfly-modules"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:7.1.10-2.GA_redhat_00002.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-woodstox-core","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-woodstox-core"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.0.3-2.redhat_00002.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}},{"package":{"name":"eap7-xml-security","ecosystem":"Red Hat:jboss_enterprise_application_platform_eus:7.1::el7","purl":"pkg:rpm/redhat/eap7-xml-security"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.10-2.redhat_00002.1.ep7.el7"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2025:4226.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}