Inquiry on Persistent CVE-2023-5685 Vulnerability in JBoss EAP 7.4.17 Despite Previous Fix

Hi Community,

We’ve identified CVE-2023-5685 in our vulnerability scans for JBoss EAP 7.4.17. This vulnerability was reported as resolved in JBoss EAP versions 7.4.14 and later, according to Red Hat documentation (https://access.redhat.com/solutions/7063431#:~:text=Update%20to%20JBoss%20EAP%207.4.14%2B).

Our scans indicate this vulnerability persists in the XNIO package, specifically version 3.8.12.SP2-redhat-00001, while the fix is reportedly included in version 3.8.14.Final. Could there be any insights into why this CVE continues to appear in the latest patch releases? Additionally, any guidance on potential fixes or workarounds would be highly appreciated.

Thank you for your help!

[Attached image: Vulnerability Scan Report]

[Attached image: Vulnerability Fix Notes]
