The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5894 advisory.

    Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly     application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.6 is a first     release for Red Hat JBoss Enterprise Application Platform 7.4 on Red Hat Enterprise Linux 9, and includes     bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.6 Release Notes for     information about the most significant bug fixes and enhancements included in this release.
    Security Fix(es):

    * com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson     (CVE-2022-25647)

    * org.jboss.hal-hal-parent: minimist: prototype pollution (CVE-2021-44906)

    * netty: world readable temporary file containing sensitive data (CVE-2022-24823)

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 9 : Red Hat JBoss Enterprise Application Platform 7.4.6 Security update. (Moderate) (RHSA-2022:5894)

critical Nessus Plugin ID 163916

Version 1.10

Version 1.9

Version 1.8

Version 1.7

Version 1.6

Version 1.10 Nov 7, 2024, 5:29 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411071729
Version 1.9 Jun 4, 2024, 9:37 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202406042137
Version 1.8 Apr 28, 2024, 2:25 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404281425
Version 1.7 Oct 16, 2023, 2:13 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") CVSSv3 score source (set to "CVE-2021-44906") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202310161413
Version 1.6 Feb 3, 2023, 4:48 AM Logic Changes (Added support for repository relative URLs) Plugin Feed: 202302030448