Red Hat JBoss Enterprise Application Platform 7.1.14 addresses multiple security vulnerabilities: CVE-2024-3884 in Undertow causes an OutOfMemory condition when parsing form data encoded with application/x-www-form-urlencoded; CVE-2025-48913 in Apache CXF allows code execution via JMS; and CVE-2026-0603 in Hibernate core enables information disclosure and data deletion through a second-order SQL injection. These vulnerabilities affect the platform's components responsible for web request handling, messaging, and database interaction. The update replaces the previous 7.1.13 release and includes bug fixes and enhancements alongside security patches. Red Hat rates the update as important and recommends applying it after ensuring prior errata are installed and backing up existing installations.

The vulnerabilities could lead to denial of service via OutOfMemory in Undertow (CVE-2024-3884), remote code execution through Apache CXF JMS component (CVE-2025-48913), and unauthorized information disclosure and data deletion via Hibernate second-order SQL injection (CVE-2026-0603). These impacts affect confidentiality, integrity, and availability of applications running on the affected platform. No known exploits in the wild are reported. The issues are rated as important by Red Hat, indicating significant security risk if unpatched.

Red Hat has released version 7.1.14 of JBoss Enterprise Application Platform containing fixes for these vulnerabilities. Users should apply this update after ensuring all previously released errata are installed and backing up their systems, including applications, configurations, and databases. Detailed update instructions are available from Red Hat's official documentation. No alternative mitigations or workarounds are indicated in the advisory. Patch status is confirmed by the vendor advisory.