Red Hat JBoss Enterprise Application Platform 8.0 update for Wildfly



Risk: Low
Patch available: Yes
Number of vulnerabilities: 1
CVE-ID: CVE-2024-10234
CWE-ID: CWE-79
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
JBoss Enterprise Application Platform
Server applications / Application servers

eap8-xml-commons-resolver (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-woodstox-core (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-wildfly-common (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-wildfly (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-staxmapper (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-slf4j-jboss-logmanager (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-reactivex-rxjava2 (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jul-to-slf4j-stub (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-json-patch (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jcip-annotations (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jbossws-spi (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jbossws-cxf (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jbossws-common (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jbossws-api (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-vfs (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-transaction-spi (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-threads (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-stdio (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-remoting-jmx (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-msc (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-logmanager (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-invocation (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-iiop-client (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-genericjms (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-el (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-ejb3-ext-api (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-dmr (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-common-beans (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jboss-aesh (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-javaewah (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jakarta-servlet-jsp-api (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jakarta-security-enterprise-api (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jakarta-enterprise-lang-model (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jakarta-enterprise-concurrent-api (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jakarta-enterprise-concurrent (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jakarta-authorization-api (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jakarta-authentication-api (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-jackson-coreutils (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-hibernate-commons-annotations (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-hal-console (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-h2database (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-gnu-getopt (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-eap-product-conf-parent (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-azure-storage (Red Hat package)
Operating systems & Components / Operating system package or component

eap8-artemis-wildfly-integration (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor: Red Hat Inc.

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Stored cross-site scripting

EUVDB-ID: #VU105956

Risk: Low

CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear]

CVE-ID: CVE-2024-10234

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in the user's browser.


Mitigation

Install updates from the vendor's website.

Vulnerable software versions

JBoss Enterprise Application Platform: 8.0 - 8.0.5

eap8-xml-commons-resolver (Red Hat package): before 1.2.0-3.redhat_12.1.el9eap

eap8-woodstox-core (Red Hat package): before 6.4.0-3.redhat_00003.1.el9eap

eap8-wildfly-common (Red Hat package): before 1.6.0-4.Final_redhat_00001.1.el9eap

eap8-wildfly (Red Hat package): before 8.0.6-5.GA_redhat_00004.1.el9eap

eap8-staxmapper (Red Hat package): before 1.4.0-2.Final_redhat_00001.1.el9eap

eap8-slf4j-jboss-logmanager (Red Hat package): before 2.0.1-2.Final_redhat_00001.1.el9eap

eap8-reactivex-rxjava2 (Red Hat package): before 2.2.21-2.redhat_00001.2.el9eap

eap8-jul-to-slf4j-stub (Red Hat package): before 1.0.1-2.Final_redhat_3.1.el9eap

eap8-json-patch (Red Hat package): before 1.9.0-2.redhat_00002.1.el9eap

eap8-jcip-annotations (Red Hat package): before 1.0.0-2.redhat_8.1.el9eap

eap8-jbossws-spi (Red Hat package): before 5.0.0-2.Final_redhat_00001.1.el9eap

eap8-jbossws-cxf (Red Hat package): before 7.3.1-1.Final_redhat_00001.1.el9eap

eap8-jbossws-common (Red Hat package): before 5.1.0-1.Final_redhat_00001.1.el9eap

eap8-jbossws-api (Red Hat package): before 3.0.0-2.Final_redhat_00001.1.el9eap

eap8-jboss-vfs (Red Hat package): before 3.3.0-2.Final_redhat_00001.1.el9eap

eap8-jboss-transaction-spi (Red Hat package): before 8.0.0-3.Final_redhat_00001.1.el9eap

eap8-jboss-threads (Red Hat package): before 2.4.0-3.Final_redhat_00001.1.el9eap

eap8-jboss-stdio (Red Hat package): before 1.1.0-2.Final_redhat_00001.1.el9eap

eap8-jboss-remoting-jmx (Red Hat package): before 3.0.4-2.Final_redhat_00001.1.el9eap

eap8-jboss-msc (Red Hat package): before 1.5.1-2.Final_redhat_00001.1.el9eap

eap8-jboss-logmanager (Red Hat package): before 2.1.19-2.Final_redhat_00001.1.el9eap

eap8-jboss-invocation (Red Hat package): before 2.0.0-2.Final_redhat_00001.1.el9eap

eap8-jboss-iiop-client (Red Hat package): before 2.0.1-2.Final_redhat_00001.1.el9eap

eap8-jboss-genericjms (Red Hat package): before 3.0.0-3.Final_redhat_00001.1.el9eap

eap8-jboss-el (Red Hat package): before api_5.0_spec-4.0.1-2.Final_redhat_00001.1.el9eap

eap8-jboss-ejb3-ext-api (Red Hat package): before 2.3.0-2.Final_redhat_00001.1.el9eap

eap8-jboss-dmr (Red Hat package): before 1.6.1-2.Final_redhat_00001.1.el9eap

eap8-jboss-common-beans (Red Hat package): before 2.0.1-2.Final_redhat_00001.1.el9eap

eap8-jboss-aesh (Red Hat package): before 2.4.0-2.redhat_00001.1.el9eap

eap8-javaewah (Red Hat package): before 1.1.13-2.redhat_00001.1.el9eap

eap8-jakarta-servlet-jsp-api (Red Hat package): before 3.1.0-3.redhat_00001.1.el9eap

eap8-jakarta-security-enterprise-api (Red Hat package): before 3.0.0-2.redhat_00001.1.el9eap

eap8-jakarta-enterprise-lang-model (Red Hat package): before 4.0.1-2.redhat_00001.1.el9eap

eap8-jakarta-enterprise-concurrent-api (Red Hat package): before 3.0.2-2.redhat_00001.1.el9eap

eap8-jakarta-enterprise-concurrent (Red Hat package): before 3.0.0-4.redhat_00001.1.el9eap

eap8-jakarta-authorization-api (Red Hat package): before 2.1.0-3.redhat_00001.1.el9eap

eap8-jakarta-authentication-api (Red Hat package): before 3.0.0-3.redhat_00001.1.el9eap

eap8-jackson-coreutils (Red Hat package): before 1.8.0-2.redhat_00002.1.el9eap

eap8-hibernate-commons-annotations (Red Hat package): before 6.0.6-2.Final_redhat_00001.1.el9eap

eap8-hal-console (Red Hat package): before 3.6.23-1.Final_redhat_00001.1.el9eap

eap8-h2database (Red Hat package): before 2.1.214-2.redhat_00001.1.el9eap

eap8-gnu-getopt (Red Hat package): before 1.0.13-2.redhat_5.1.el9eap

eap8-eap-product-conf-parent (Red Hat package): before 800.6.0-2.GA_redhat_00002.1.el9eap

eap8-azure-storage (Red Hat package): before 8.6.6-5.redhat_00001.1.el9eap

eap8-artemis-wildfly-integration (Red Hat package): before 2.0.3-1.Final_redhat_00001.1.el9eap

External links

https://access.redhat.com/errata/RHSA-2025:2026
https://access.redhat.com/errata/RHSA-2025:2029


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.