Red hat jboss enterprise application platform 8.0 for rhel 9

This hub aggregates every CVE we track for Red hat jboss enterprise application platform 8.0 for rhel 9, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat jboss enterprise application platform 8.0 for rhel 9.

• CVE-2025-12543Undertow-core: undertow http server fails to reject malformed host headers leading to potential cache poisoning and ssrf9.6Jan 7, 2026
• CVE-2024-3884Undertow: outofmemory when parsing form data encoding with application/x-www-form-urlencoded7.5Dec 3, 2025
• CVE-2025-9784Undertow: undertow madeyoureset http/2 ddos vulnerability7.5Sep 2, 2025
• CVE-2025-2251Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execution6.2Apr 7, 2025
• CVE-2025-23367Org.wildfly.core:wildfly-server: wildfly improper rbac permission6.5Jan 30, 2025
• CVE-2024-8447Narayana: deadlock via multiple join requests sent to lra coordinator5.9Jan 2, 2025
• CVE-2024-12369Elytron-oidc-client: oidc authorization code injection4.2Dec 9, 2024
• CVE-2023-4639Undertow: cookie smuggling/spoofing7.4Nov 17, 2024
• CVE-2023-1973Undertow: unrestricted request storage leads to memory exhaustion7.5Nov 7, 2024
• CVE-2024-10234Wildfly: wildfly vulnerable to cross-site scripting (xss)6.1Oct 22, 2024
• CVE-2024-8883Keycloak: vulnerable redirect uri validation results in open redirec6.1Sep 19, 2024
• CVE-2024-8698Keycloak-saml-core: improper verification of saml responses leading to privilege escalation in keycloak7.7Sep 19, 2024
• CVE-2024-7885Undertow: improper state management in proxy protocol parsing causes information leakage7.5Aug 21, 2024
• CVE-2024-4029Wildfly: no timeout for eap management interface may lead to denial of service (dos)4.1May 2, 2024
• CVE-2024-1102Jberet: jberet-core logging database credentials6.5Apr 25, 2024