Byte Open Security

(ByteOS Network)

Red Hat JBoss EAP 7.4 ELS for RHEL 8

Source-ADP
CNA CVEs-0
ADP CVEs-3
CISA CVEs-0
NVD CVEs-0

3 vulnerabilities found

CVE-2026-5598
Assigner-91579145-5d7b-4cc5-b925-a0262ff19630
CVSS Score-8.9 (HIGH)
EPSS-0.69% / 48.28%
7 Day CHG+0.18%
Published-15 Apr, 2026 | 09:05
Updated-30 Jun, 2026 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Non-constant time comparisons risk private key leakage in FrodoKEM.

Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before 1.84.

Action-Not Available
Vendor-Legion of the Bouncy Castle Inc.; Red Hat, Inc.
Product-BC-JAVA; Red Hat OpenShift AI (RHOAI); Red Hat build of Quarkus; Red Hat AMQ Broker 7; Red Hat Data Grid 8; Red Hat JBoss Enterprise Application Platform 7; Red Hat build of Debezium 3; Red Hat Enterprise Linux 9; Red Hat build of Apache Camel for Spring Boot 4; Red Hat Fuse 7; Cryostat 4; Red Hat build of Debezium 2; streams for Apache Kafka 2; Red Hat JBoss EAP 8.1 for RHEL 9; Red Hat JBoss EAP 7.4 ELS for RHEL 8; Red Hat JBoss Enterprise Application Platform 8.1; Red Hat AMQ Clients; Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server; Red Hat build of Apicurio Registry 3; Red Hat Single Sign-On 7; Red Hat build of Apache Camel 4 for Quarkus 3; streams for Apache Kafka 3; Red Hat Build of Keycloak; Red Hat JBoss EAP 8.1 for RHEL 8; Red Hat OpenShift Dev Spaces; Red Hat Process Automation 7; Red Hat Satellite 6; Red Hat JBoss EAP 7.4 ELS for RHEL 9; Red Hat Enterprise Linux 8; Red Hat JBoss Enterprise Application Platform 8; OpenShift Developer Tools and Services; Red Hat JBoss Enterprise Application Platform Expansion Pack
CWE ID-CWE-385 (Covert Timing Channel)

CVE-2026-0603
Assigner-Red Hat, Inc.
CVSS Score-8.3 (HIGH)
EPSS-0.78% / 51.49%
7 Day CHG+0.18%
Published-23 Jan, 2026 | 06:31
Updated-30 Jun, 2026 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
org.hibernate/hibernate-core: Hibernate: information disclosure and data deletion via second-order SQL injection

A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection vulnerability by providing specially crafted, unsanitized non-alphanumeric characters in the ID column when the InlineIdsOrClauseBuilder is used. This could lead to sensitive information disclosure, such as reading system files, and allow for data manipulation or deletion within the application's database, resulting in an application level denial of service.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat OpenShift AI (RHOAI); Red Hat AMQ Broker 7; Red Hat Data Grid 8; Red Hat JBoss Enterprise Application Platform 7; Red Hat Fuse 7; Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9; Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7; Red Hat build of OptaPlanner 8; Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7; Red Hat JBoss Enterprise Application Platform; Red Hat Single Sign-On 7; Red Hat OpenShift Dev Spaces; Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7; Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8; Red Hat Process Automation 7; Red Hat Satellite 6; Red Hat JBoss Enterprise Application Platform 8; Red Hat JBoss Enterprise Application Platform Expansion Pack; Red Hat JBoss EAP 7.4 ELS for RHEL 8; Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server; Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server; Red Hat JBoss EAP 7.4 ELS for RHEL 9; Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server
CWE ID-CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVE-2025-12543
Assigner-Red Hat, Inc.
CVSS Score-9.6 (CRITICAL)
EPSS-1.18% / 63.86%
7 Day CHG~0.00%
Published-07 Jan, 2026 | 16:04
Updated-30 Jun, 2026 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
undertow-core: Undertow HTTP server fails to reject malformed Host headers leading to potential cache poisoning and SSRF

A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions.

Action-Not Available
Vendor-Red Hat, Inc.
Product-data_grid; build_of_apache_camel; single_sign-on; jboss_enterprise_application_platform; fuse; jboss_enterprise_application_platform_expansion_pack; undertow; process_automation; Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 9; Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9; Red Hat build of Apache Camel - HawtIO 4; Red Hat Data Grid 8; Red Hat JBoss Enterprise Application Platform 7; Red Hat Enterprise Linux 9; Red Hat Enterprise Linux 10; Red Hat Fuse 7; Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 9; Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7; Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8; Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7; Red Hat JBoss Enterprise Application Platform; Red Hat JBoss Enterprise Application Platform 8.1; Red Hat build of Apache Camel 4.14.4 for Spring Boot 3.5.11; Red Hat Single Sign-On 7; Red Hat JBoss Enterprise Application Platform 8.0; Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 7; Red Hat JBoss Enterprise Application Platform 7.4 ELS on RHEL 8; Red Hat Process Automation 7; Red Hat Enterprise Linux 8; Red Hat JBoss Enterprise Application Platform Expansion Pack; Red Hat JBoss Enterprise Application Platform 8.1 for RHEL 8; Red Hat JBoss EAP 8.1 for RHEL 9; Red Hat JBoss EAP 7.4 ELS for RHEL 8; Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 Server; Red Hat JBoss EAP 7.4 ELS for RHEL 7 Server; Red Hat JBoss EAP 8.1 for RHEL 8; Red Hat JBoss Enterprise Application Platform 7.3 EUS for RHEL 7 Server; Red Hat JBoss EAP 8.0 for RHEL 9; Red Hat JBoss EAP 7.4 ELS for RHEL 9; Red Hat JBoss EAP 8.0 for RHEL 8
CWE ID-CWE-20 (Improper Input Validation)