{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "A new image is available for Red Hat Single Sign-On 7.6.12, running on OpenShift Container Platform 3.10, 3.11, and 4.3.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On is an integrated sign-on solution, available as a\nRed Hat JBoss Middleware for OpenShift containerized image. The Red Hat\nSingle Sign-On for OpenShift image provides an authentication server that\nyou can use to log in centrally, log out, and register. You can also manage\nuser accounts for web applications, mobile applications, and RESTful web\nservices.\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.6.12 for\nuse within the OpenShift Container Platform 3.10, OpenShift Container Platform\n3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release. This security update has moderate impact.\n\nSecurity fixes:\n* org.wildfly.core/wildfly-core-management-client: Wildfly vulnerable to Cross-Site Scripting (XSS) (CVE-2024-10234)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2025:11636",
        "url": "https://access.redhat.com/errata/RHSA-2025:11636"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "2320848",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_11636.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.6.12 for OpenShift image security update",
    "tracking": {
      "current_release_date": "2026-06-28T12:48:28+00:00",
      "generator": {
        "date": "2026-06-28T12:48:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.2.6"
        }
      },
      "id": "RHSA-2025:11636",
      "initial_release_date": "2025-07-23T15:24:53+00:00",
      "revision_history": [
        {
          "date": "2025-07-23T15:24:53+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2025-07-23T15:24:53+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-28T12:48:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Middleware Containers for OpenShift",
                "product": {
                  "name": "Middleware Containers for OpenShift",
                  "product_id": "8Base-RHOSE-Middleware",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhosemc:1.0::el8"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenShift Enterprise"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:c5a69bbe0b726f1226ba3b6a156770ab5ffc7c53c7cb7441ae69a6b5e3195473_s390x",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:c5a69bbe0b726f1226ba3b6a156770ab5ffc7c53c7cb7441ae69a6b5e3195473_s390x",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:c5a69bbe0b726f1226ba3b6a156770ab5ffc7c53c7cb7441ae69a6b5e3195473_s390x",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:c5a69bbe0b726f1226ba3b6a156770ab5ffc7c53c7cb7441ae69a6b5e3195473?arch=s390x&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-67"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:864aad86c111a5fd86fc0021b53f029860331b6d663a9376d3a7ad8b40bedec1_amd64",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:864aad86c111a5fd86fc0021b53f029860331b6d663a9376d3a7ad8b40bedec1_amd64",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:864aad86c111a5fd86fc0021b53f029860331b6d663a9376d3a7ad8b40bedec1_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:864aad86c111a5fd86fc0021b53f029860331b6d663a9376d3a7ad8b40bedec1?arch=amd64&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-67"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rh-sso-7/sso76-openshift-rhel8@sha256:807dab9a35582f65f637efe5ec309c5308460a239891a990fa82474fbc836acd_ppc64le",
                "product": {
                  "name": "rh-sso-7/sso76-openshift-rhel8@sha256:807dab9a35582f65f637efe5ec309c5308460a239891a990fa82474fbc836acd_ppc64le",
                  "product_id": "rh-sso-7/sso76-openshift-rhel8@sha256:807dab9a35582f65f637efe5ec309c5308460a239891a990fa82474fbc836acd_ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:oci/sso76-openshift-rhel8@sha256:807dab9a35582f65f637efe5ec309c5308460a239891a990fa82474fbc836acd?arch=ppc64le&repository_url=registry.redhat.io/rh-sso-7/sso76-openshift-rhel8&tag=7.6-67"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:807dab9a35582f65f637efe5ec309c5308460a239891a990fa82474fbc836acd_ppc64le as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:807dab9a35582f65f637efe5ec309c5308460a239891a990fa82474fbc836acd_ppc64le"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:807dab9a35582f65f637efe5ec309c5308460a239891a990fa82474fbc836acd_ppc64le",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:864aad86c111a5fd86fc0021b53f029860331b6d663a9376d3a7ad8b40bedec1_amd64 as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:864aad86c111a5fd86fc0021b53f029860331b6d663a9376d3a7ad8b40bedec1_amd64"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:864aad86c111a5fd86fc0021b53f029860331b6d663a9376d3a7ad8b40bedec1_amd64",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rh-sso-7/sso76-openshift-rhel8@sha256:c5a69bbe0b726f1226ba3b6a156770ab5ffc7c53c7cb7441ae69a6b5e3195473_s390x as a component of Middleware Containers for OpenShift",
          "product_id": "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:c5a69bbe0b726f1226ba3b6a156770ab5ffc7c53c7cb7441ae69a6b5e3195473_s390x"
        },
        "product_reference": "rh-sso-7/sso76-openshift-rhel8@sha256:c5a69bbe0b726f1226ba3b6a156770ab5ffc7c53c7cb7441ae69a6b5e3195473_s390x",
        "relates_to_product_reference": "8Base-RHOSE-Middleware"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-10234",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
      },
      "discovery_date": "2024-10-22T01:46:48.739000+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2320848"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Wildfly that allows a user to perform cross-site scripting (XSS) in the Wildfly deployment system. This flaw allows an attacker or insider to execute a deployment with a malicious payload, which could trigger undesired behavior against the server.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:807dab9a35582f65f637efe5ec309c5308460a239891a990fa82474fbc836acd_ppc64le",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:864aad86c111a5fd86fc0021b53f029860331b6d663a9376d3a7ad8b40bedec1_amd64",
          "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:c5a69bbe0b726f1226ba3b6a156770ab5ffc7c53c7cb7441ae69a6b5e3195473_s390x"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "RHBZ#2320848",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2320848"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-10234",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-10234"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-10234"
        }
      ],
      "release_date": "2024-10-22T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-07-23T15:24:53+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:807dab9a35582f65f637efe5ec309c5308460a239891a990fa82474fbc836acd_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:864aad86c111a5fd86fc0021b53f029860331b6d663a9376d3a7ad8b40bedec1_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:c5a69bbe0b726f1226ba3b6a156770ab5ffc7c53c7cb7441ae69a6b5e3195473_s390x"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2025:11636"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:807dab9a35582f65f637efe5ec309c5308460a239891a990fa82474fbc836acd_ppc64le",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:864aad86c111a5fd86fc0021b53f029860331b6d663a9376d3a7ad8b40bedec1_amd64",
            "8Base-RHOSE-Middleware:rh-sso-7/sso76-openshift-rhel8@sha256:c5a69bbe0b726f1226ba3b6a156770ab5ffc7c53c7cb7441ae69a6b5e3195473_s390x"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "wildfly: Wildfly vulnerable to Cross-Site Scripting (XSS)"
    }
  ]
}