RHSA-2026:6011

Description

Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3.17 security update

CVSS Metrics

• v3.1•HIGH•Score: 8.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

Affected Systems

• redhat•eap7-apache-cxf

  < 0:3.4.10-3.SP2_redhat_00003.1.el7eap

• redhat•eap7-apache-cxf-rt

  < 0:3.4.10-3.SP2_redhat_00003.1.el7eap

• redhat•eap7-apache-cxf-services

  < 0:3.4.10-3.SP2_redhat_00003.1.el7eap

• redhat•eap7-apache-cxf-tools

  < 0:3.4.10-3.SP2_redhat_00003.1.el7eap

• redhat•eap7-eclipse-jgit

  < 0:5.13.5.202508271544-1.r_redhat_00001.1.el7eap

• redhat•eap7-hibernate

  < 0:5.3.38-1.Final_redhat_00001.1.el7eap

• redhat•eap7-hibernate-core

  < 0:5.3.38-1.Final_redhat_00001.1.el7eap

• redhat•eap7-hibernate-entitymanager

  < 0:5.3.38-1.Final_redhat_00001.1.el7eap

• redhat•eap7-hibernate-envers

  < 0:5.3.38-1.Final_redhat_00001.1.el7eap

• redhat•eap7-hibernate-java8

  < 0:5.3.38-1.Final_redhat_00001.1.el7eap

• redhat•eap7-jbossws-cxf

  < 0:5.3.0-2.SP1_redhat_00002.1.el7eap

• redhat•eap7-undertow

  < 0:2.0.41-7.SP8_redhat_00001.1.el7eap

• redhat•eap7-wildfly

  < 0:7.3.17-5.GA_redhat_00006.1.el7eap

• redhat•eap7-wildfly-java-jdk11

  < 0:7.3.17-5.GA_redhat_00006.1.el7eap

• redhat•eap7-wildfly-java-jdk8

  < 0:7.3.17-5.GA_redhat_00006.1.el7eap

• redhat•eap7-wildfly-javadocs

  < 0:7.3.17-5.GA_redhat_00006.1.el7eap

• redhat•eap7-wildfly-modules

  < 0:7.3.17-5.GA_redhat_00006.1.el7eap

References (27)

• https://access.redhat.com/errata/RHSA-2026:6011
• https://access.redhat.com/security/updates/classification/#critical
• https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3
• https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html-single/installation_guide/index
• https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/7.3/html/7.3.0_release_notes/index
• https://bugzilla.redhat.com/show_bug.cgi?id=2275287
• https://bugzilla.redhat.com/show_bug.cgi?id=2367730
• https://bugzilla.redhat.com/show_bug.cgi?id=2387221
• https://bugzilla.redhat.com/show_bug.cgi?id=2427147
• https://issues.redhat.com/browse/JBEAP-31431
• https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6011.json
• https://access.redhat.com/security/cve/CVE-2024-3884
• https://www.cve.org/CVERecord?id=CVE-2024-3884
• https://nvd.nist.gov/vuln/detail/CVE-2024-3884
• https://access.redhat.com/security/cve/CVE-2025-4949
• https://www.cve.org/CVERecord?id=CVE-2025-4949
• https://nvd.nist.gov/vuln/detail/CVE-2025-4949
• https://gitlab.eclipse.org/security/cve-assignement/-/issues/64
• https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/281
• https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1
• https://access.redhat.com/security/cve/CVE-2025-48913
• https://www.cve.org/CVERecord?id=CVE-2025-48913
• https://nvd.nist.gov/vuln/detail/CVE-2025-48913
• https://lists.apache.org/thread/f1nv488ztc0js4g5ml2v88mzkzslyh83
• https://access.redhat.com/security/cve/CVE-2026-0603
• https://www.cve.org/CVERecord?id=CVE-2026-0603
• https://nvd.nist.gov/vuln/detail/CVE-2026-0603