Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.6
Red Hat JBoss EAP 8.0.12 Security Update Exposes Data
RHSA-2026:3889
Summary
Upgrading to Red Hat JBoss EAP 8.0.12 is recommended to ensure the latest security patches are applied, as failure to do so may allow unauthorized access to sensitive data. The update fixes several security issues that could potentially be exploited by attackers. IT teams should prioritize this update and apply it as soon as possible to maintain the security of their Red Hat JBoss EAP systems.
What to do
- Update redhat eap8-bouncycastle to version 0:1.83.0-1.redhat_00001.1.el8eap.
- Update redhat eap8-bouncycastle-jmail to version 0:1.83.0-1.redhat_00001.1.el8eap.
- Update redhat eap8-bouncycastle-pg to version 0:1.83.0-1.redhat_00001.1.el8eap.
- Update redhat eap8-bouncycastle-pkix to version 0:1.83.0-1.redhat_00001.1.el8eap.
- Update redhat eap8-bouncycastle-prov to version 0:1.83.0-1.redhat_00001.1.el8eap.
- Update redhat eap8-bouncycastle-util to version 0:1.83.0-1.redhat_00001.1.el8eap.
- Update redhat eap8-codemodel to version 0:4.0.6-1.redhat_00001.1.el8eap.
- Update redhat eap8-guava to version 0:33.0.0-2.jre_redhat_00003.1.el8eap.
- Update redhat eap8-guava-libraries to version 0:33.0.0-2.jre_redhat_00003.1.el8eap.
- Update redhat eap8-jaxb to version 0:4.0.6-1.redhat_00001.1.el8eap.
- Update redhat eap8-jaxb-core to version 0:4.0.6-1.redhat_00001.1.el8eap.
- Update redhat eap8-jaxb-jxc to version 0:4.0.6-1.redhat_00001.1.el8eap.
- Update redhat eap8-jaxb-runtime to version 0:4.0.6-1.redhat_00001.1.el8eap.
- Update redhat eap8-jaxb-xjc to version 0:4.0.6-1.redhat_00001.1.el8eap.
- Update redhat eap8-jcip-annotations to version 0:1.0.0-3.redhat_00009.1.el8eap.
- Update redhat eap8-relaxng-datatype to version 0:4.0.6-1.redhat_00001.1.el8eap.
- Update redhat eap8-rngom to version 0:4.0.6-1.redhat_00001.1.el8eap.
- Update redhat eap8-slf4j-jboss-logmanager to version 0:2.0.2-1.Final_redhat_00001.1.el8eap.
- Update redhat eap8-txw2 to version 0:4.0.6-1.redhat_00001.1.el8eap.
- Update redhat eap8-undertow to version 0:2.3.23-1.SP3_redhat_00001.1.el8eap.
- Update redhat eap8-xsom to version 0:4.0.6-1.redhat_00001.1.el8eap.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| redhat | eap8-bouncycastle | <= 0:1.83.0-1.redhat_00001.1.el8eap | 0:1.83.0-1.redhat_00001.1.el8eap |
| redhat | eap8-bouncycastle-jmail | <= 0:1.83.0-1.redhat_00001.1.el8eap | 0:1.83.0-1.redhat_00001.1.el8eap |
| redhat | eap8-bouncycastle-pg | <= 0:1.83.0-1.redhat_00001.1.el8eap | 0:1.83.0-1.redhat_00001.1.el8eap |
| redhat | eap8-bouncycastle-pkix | <= 0:1.83.0-1.redhat_00001.1.el8eap | 0:1.83.0-1.redhat_00001.1.el8eap |
| redhat | eap8-bouncycastle-prov | <= 0:1.83.0-1.redhat_00001.1.el8eap | 0:1.83.0-1.redhat_00001.1.el8eap |
| redhat | eap8-bouncycastle-util | <= 0:1.83.0-1.redhat_00001.1.el8eap | 0:1.83.0-1.redhat_00001.1.el8eap |
| redhat | eap8-codemodel | <= 0:4.0.6-1.redhat_00001.1.el8eap | 0:4.0.6-1.redhat_00001.1.el8eap |
| redhat | eap8-guava | <= 0:33.0.0-2.jre_redhat_00003.1.el8eap | 0:33.0.0-2.jre_redhat_00003.1.el8eap |
| redhat | eap8-guava-libraries | <= 0:33.0.0-2.jre_redhat_00003.1.el8eap | 0:33.0.0-2.jre_redhat_00003.1.el8eap |
| redhat | eap8-jaxb | <= 0:4.0.6-1.redhat_00001.1.el8eap | 0:4.0.6-1.redhat_00001.1.el8eap |
| redhat | eap8-jaxb-core | <= 0:4.0.6-1.redhat_00001.1.el8eap | 0:4.0.6-1.redhat_00001.1.el8eap |
| redhat | eap8-jaxb-jxc | <= 0:4.0.6-1.redhat_00001.1.el8eap | 0:4.0.6-1.redhat_00001.1.el8eap |
| redhat | eap8-jaxb-runtime | <= 0:4.0.6-1.redhat_00001.1.el8eap | 0:4.0.6-1.redhat_00001.1.el8eap |
| redhat | eap8-jaxb-xjc | <= 0:4.0.6-1.redhat_00001.1.el8eap | 0:4.0.6-1.redhat_00001.1.el8eap |
| redhat | eap8-jcip-annotations | <= 0:1.0.0-3.redhat_00009.1.el8eap | 0:1.0.0-3.redhat_00009.1.el8eap |
| redhat | eap8-relaxng-datatype | <= 0:4.0.6-1.redhat_00001.1.el8eap | 0:4.0.6-1.redhat_00001.1.el8eap |
| redhat | eap8-rngom | <= 0:4.0.6-1.redhat_00001.1.el8eap | 0:4.0.6-1.redhat_00001.1.el8eap |
| redhat | eap8-slf4j-jboss-logmanager | <= 0:2.0.2-1.Final_redhat_00001.1.el8eap | 0:2.0.2-1.Final_redhat_00001.1.el8eap |
| redhat | eap8-txw2 | <= 0:4.0.6-1.redhat_00001.1.el8eap | 0:4.0.6-1.redhat_00001.1.el8eap |
| redhat | eap8-undertow | <= 0:2.3.23-1.SP3_redhat_00001.1.el8eap | 0:2.3.23-1.SP3_redhat_00001.1.el8eap |
| redhat | eap8-xsom | <= 0:4.0.6-1.redhat_00001.1.el8eap | 0:4.0.6-1.redhat_00001.1.el8eap |
Original title
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.12 security update
osv CVSS3.1
9.6
- https://access.redhat.com/errata/RHSA-2026:3889 Vendor Advisory
- https://access.redhat.com/security/updates/classification/#important Third Party Advisory
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_pl... Third Party Advisory
- https://docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_pl... Third Party Advisory
- https://access.redhat.com/articles/7120566 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2275287 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2392306 Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2408784 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31073 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31251 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31325 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31343 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31357 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31397 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31420 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31438 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31446 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31453 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31566 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31579 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31596 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31679 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31708 Third Party Advisory
- https://issues.redhat.com/browse/JBEAP-31712 Third Party Advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_3889.j... Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2024-3884 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2024-3884 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-3884 Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2025-9784 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-9784 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-9784 Vendor Advisory
- https://github.com/undertow-io/undertow/pull/1778 Third Party Advisory
- https://github.com/undertow-io/undertow/releases/tag/2.2.38.Final Third Party Advisory
- https://issues.redhat.com/browse/UNDERTOW-2598 Third Party Advisory
- https://kb.cert.org/vuls/id/767506 Third Party Advisory
- https://access.redhat.com/security/cve/CVE-2025-12543 Third Party Advisory
- https://www.cve.org/CVERecord?id=CVE-2025-12543 Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-12543 Vendor Advisory
Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026