Описание
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform Expansion Pack | wildfly-ejb3 | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7.4.23 | wildfly-ejb3 | Fixed | RHSA-2025:10931 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-activemq-artemis | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-apache-cxf | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-artemis-native | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-elytron-web | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-glassfish-jsf | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-hal-console | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-hibernate-validator | Fixed | RHSA-2025:10925 | 14.07.2025 |
| Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 | eap7-ironjacamar | Fixed | RHSA-2025:10925 | 14.07.2025 |
Показывать по
Дополнительная информация
Статус:
6.2 Medium
CVSS3
Связанные уязвимости
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication.
6.2 Medium
CVSS3