VDB
RHSA-2018%3A0629
RHSA-2018%3A0629
PUBLISHED
CVSS 8.100000381469727 HIGH
An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution.
Risk Scores
CVSS 3.0
8.100000381469727
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss EAP 7.1 |
Timeline
- Apr 3, 2018 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2018:0629 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/ advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.1 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1548909 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_0629.json advisory
- https://access.redhat.com/security/cve/CVE-2018-8088 advisory
- https://www.cve.org/CVERecord?id=CVE-2018-8088 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2018-8088 advisory