Important: Red Hat Security Advisory: JBoss EAP XP 5.0 Update 4.0 release. See references for release notes.

🗓️ 05 Mar 2026 20:00:33Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 7 Views

Security fixes for JBoss EAP XP 5.0 Update 4.0 address cache manipulation, DoS, and disclosure risks.

Reporter	Title	Published	Views	Family All 445
IBM Security Bulletins	Security Bulletin: IBM Operational Decision Manager for December 2025 - Multiple CVEs addressed	29 Jan 202607:37	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in yawkat LZ4 Java affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge.	22 Jun 202613:40	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in netty-codec-4.1.124.Final.jar, netty-codec-http-4.1.108.Final.jar, netty-codec-http2-4.1.124.Final.jar affecting MongoDB Enterprised Advanced (CVE-2025-58056, CVE-2025-58057, CVE-2025-67735)	24 Feb 202619:17	–	ibm
IBM Security Bulletins	Security Bulletin: There is a vulnerability in lz4-java-1.8.1.jar used by IBM Maximo Manage application in IBM Maximo Application Suite (CVE-2025-66566)	2 Feb 202612:48	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Enterprise Build of Quarkus is affected by multiple vulnerabilities	15 Apr 202615:10	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Security QRadar EDR Software	27 Nov 202512:09	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities have been identified in IBM DB2 shipped with IBM WebSphere Remote Server	10 Feb 202603:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Datapower Operations Dashboard is vulnerable to HTTP Request Smuggling CVE-2026-1002	8 Jun 202616:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	1 Dec 202516:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® Db2® is affected by a vulnerability in netty-codec, netty-codec-http and netty-codec-http2 (CVE-2025-58056, CVE-2025-58057, CVE-2025-55163)	29 Jan 202615:17	–	ibm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2025-58057
access	www.access.redhat.com/security/cve/CVE-2025-66566
access	www.access.redhat.com/security/cve/CVE-2026-1002
access	www.access.redhat.com/security/updates/classification/
docs	www.docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0/html/jboss_eap_xp_5.0_upgrade_and_migration_guide/index
docs	www.docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0/html/red_hat_jboss_eap_xp_5.0_release_notes/index
docs	www.docs.redhat.com/en/documentation/red_hat_jboss_enterprise_application_platform/8.0/html/using_jboss_eap_xp_5.0/index

10 Jun 2026 21:23Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.17.5

CVSS 48.2

EPSS0.00561

SSVC

jboss enterprise static cache issue netty brotli dos lz4 java disclosure update four