Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
RHSA-2026:33371
See a problem?
Please try reporting it
to the source
first.
Source
https://access.redhat.com/errata/RHSA-2026:33371
Import Source
https://security.access.redhat.com/data/osv/RHSA-2026:33371.json
JSON Data
https://api.test.osv.dev/v1/vulns/RHSA-2026:33371
Upstream
CVE-2024-29371
CVE-2025-12543
CVE-2025-13465
CVE-2025-15284
CVE-2025-23184
CVE-2025-23368
CVE-2025-66412
CVE-2025-69873
CVE-2025-9784
CVE-2026-1002
CVE-2026-24842
Published
2026-06-30T10:49:44Z
Modified
2026-06-30T18:34:51.424018690Z
Severity
9.6 (Critical)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L
CVSS Calculator
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.18 security update
Details
References
https://access.redhat.com/errata/RHSA-2026:33371
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index
https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index
https://bugzilla.redhat.com/show_bug.cgi?id=2339095
https://bugzilla.redhat.com/show_bug.cgi?id=2392306
https://bugzilla.redhat.com/show_bug.cgi?id=2408784
https://bugzilla.redhat.com/show_bug.cgi?id=2423194
https://issues.redhat.com/browse/JBEAP-31703
https://issues.redhat.com/browse/JBEAP-33004
https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_33371.json
https://access.redhat.com/security/cve/CVE-2024-29371
https://www.cve.org/CVERecord?id=CVE-2024-29371
https://nvd.nist.gov/vuln/detail/CVE-2024-29371
https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack
https://access.redhat.com/security/cve/CVE-2025-9784
https://www.cve.org/CVERecord?id=CVE-2025-9784
https://nvd.nist.gov/vuln/detail/CVE-2025-9784
https://github.com/undertow-io/undertow/pull/1778
https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final
https://issues.redhat.com/browse/UNDERTOW-2598
https://kb.cert.org/vuls/id/767506
https://access.redhat.com/security/cve/CVE-2025-12543
https://www.cve.org/CVERecord?id=CVE-2025-12543
https://nvd.nist.gov/vuln/detail/CVE-2025-12543
https://access.redhat.com/security/cve/CVE-2025-13465
https://bugzilla.redhat.com/show_bug.cgi?id=2431740
https://www.cve.org/CVERecord?id=CVE-2025-13465
https://nvd.nist.gov/vuln/detail/CVE-2025-13465
https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg
https://access.redhat.com/security/cve/CVE-2025-15284
https://bugzilla.redhat.com/show_bug.cgi?id=2425946
https://www.cve.org/CVERecord?id=CVE-2025-15284
https://nvd.nist.gov/vuln/detail/CVE-2025-15284
https://github.com/ljharb/qs/commit/3086902ecf7f088d0d1803887643ac6c03d415b9
https://github.com/ljharb/qs/security/advisories/GHSA-6rw7-vpxm-498p
https://access.redhat.com/security/cve/CVE-2025-23184
https://www.cve.org/CVERecord?id=CVE-2025-23184
https://nvd.nist.gov/vuln/detail/CVE-2025-23184
https://lists.apache.org/thread/lfs8l63rnctnj2skfrxyys7v8fgnt122
https://access.redhat.com/security/cve/CVE-2025-23368
https://bugzilla.redhat.com/show_bug.cgi?id=2337621
https://www.cve.org/CVERecord?id=CVE-2025-23368
https://nvd.nist.gov/vuln/detail/CVE-2025-23368
https://www.gruppotim.it/it/footer/red-team.html
https://access.redhat.com/security/cve/CVE-2025-66412
https://bugzilla.redhat.com/show_bug.cgi?id=2418155
https://www.cve.org/CVERecord?id=CVE-2025-66412
https://nvd.nist.gov/vuln/detail/CVE-2025-66412
https://github.com/angular/angular/commit/1c6b0704fb63d051fab8acff84d076abfbc4893a
https://github.com/angular/angular/security/advisories/GHSA-v4hv-rgfq-gp49
https://access.redhat.com/security/cve/CVE-2025-69873
https://bugzilla.redhat.com/show_bug.cgi?id=2439070
https://www.cve.org/CVERecord?id=CVE-2025-69873
https://nvd.nist.gov/vuln/detail/CVE-2025-69873
https://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69873-ajv-ReDoS.md
https://access.redhat.com/security/cve/CVE-2026-1002
https://bugzilla.redhat.com/show_bug.cgi?id=2430180
https://www.cve.org/CVERecord?id=CVE-2026-1002
https://nvd.nist.gov/vuln/detail/CVE-2026-1002
https://github.com/eclipse-vertx/vert.x/pull/5895
https://access.redhat.com/security/cve/CVE-2026-24842
https://bugzilla.redhat.com/show_bug.cgi?id=2433645
https://www.cve.org/CVERecord?id=CVE-2026-24842
https://nvd.nist.gov/vuln/detail/CVE-2026-24842
https://github.com/isaacs/node-tar/commit/f4a7aa9bc3d717c987fdf1480ff7a64e87ffdb46
https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v
Affected packages
Red Hat:jboss_enterprise_application_platform_eus:7.3::el7
eap7-wildfly
Package
Name
eap7-wildfly
Purl
pkg:rpm/redhat/eap7-wildfly
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.3.18-3.GA_redhat_00001.1.el7eap
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"
eap7-wildfly-java-jdk11
Package
Name
eap7-wildfly-java-jdk11
Purl
pkg:rpm/redhat/eap7-wildfly-java-jdk11
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.3.18-3.GA_redhat_00001.1.el7eap
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"
eap7-wildfly-java-jdk8
Package
Name
eap7-wildfly-java-jdk8
Purl
pkg:rpm/redhat/eap7-wildfly-java-jdk8
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.3.18-3.GA_redhat_00001.1.el7eap
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"
eap7-wildfly-javadocs
Package
Name
eap7-wildfly-javadocs
Purl
pkg:rpm/redhat/eap7-wildfly-javadocs
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.3.18-3.GA_redhat_00001.1.el7eap
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"
eap7-wildfly-modules
Package
Name
eap7-wildfly-modules
Purl
pkg:rpm/redhat/eap7-wildfly-modules
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:7.3.18-3.GA_redhat_00001.1.el7eap
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"
eap7-undertow
Package
Name
eap7-undertow
Purl
pkg:rpm/redhat/eap7-undertow
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:2.0.41-8.SP9_redhat_00001.1.el7eap
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"
eap7-apache-cxf
Package
Name
eap7-apache-cxf
Purl
pkg:rpm/redhat/eap7-apache-cxf
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.4.10-4.SP2_redhat_00004.1.el7eap
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"
eap7-apache-cxf-rt
Package
Name
eap7-apache-cxf-rt
Purl
pkg:rpm/redhat/eap7-apache-cxf-rt
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.4.10-4.SP2_redhat_00004.1.el7eap
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"
eap7-apache-cxf-services
Package
Name
eap7-apache-cxf-services
Purl
pkg:rpm/redhat/eap7-apache-cxf-services
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.4.10-4.SP2_redhat_00004.1.el7eap
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"
eap7-apache-cxf-tools
Package
Name
eap7-apache-cxf-tools
Purl
pkg:rpm/redhat/eap7-apache-cxf-tools
Affected ranges
Type
ECOSYSTEM
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
0:3.4.10-4.SP2_redhat_00004.1.el7eap
Database specific
source
"https://security.access.redhat.com/data/osv/RHSA-2026:33371.json"
RHSA-2026:33371 - OSV