Vulnerabilities - solved since what patch version?

Hi there

This question probably emerges because of my ignorance of the JBoss development processes.

Let's take into consideration CVE-2017-12629: I couldn't find a grid to determine what JBoss EAP versions are affected, but the advisory on the Red Hat CVE site states that it doesn't affect EAP v6.x.x and that a fix has been delivered since v7.0.9; how can I determine whether v7.1.0, which was released before v7.0.9, is affected or not?

The related errata also mention only v7.0.9.

Please note that this is an example; there are many cases where the versions involved are more than 2.

Can someone explain how I can determine with certainty whether an EAP version is affected or not by a CVE?

Thanks

Responses