Inquiry on Persistent CVE-2023-5685 Vulnerability in JBoss EAP 7.4.17 Despite Previous Fix
Hi Community,
We’ve identified CVE-2023-5685 in our vulnerability scans for JBoss EAP 7.4.17. This vulnerability was reported as resolved in JBoss EAP versions 7.4.14 and later, according to Red Hat documentation (https://access.redhat.com/solutions/7063431#:~:text=Update%20to%20JBoss%20EAP%207.4.14%2B).
Our scans indicate this vulnerability persists in the XNIO package, specifically version 3.8.12.SP2-redhat-00001, while the fix is reportedly included in version 3.8.14.Final. Could there be any insights into why this CVE continues to appear in the latest patch releases? Additionally, any guidance on potential fixes or workarounds would be highly appreciated.
Thank you for your help!
Vulnerability Scan Report
Vulnerability Fix Notes