### Key Information Summary

- **Identifier**: RHSA-2018:2419
- **Security Severity**: Important
- **Release Date**: 2018-08-15
- **Update Date**: 2018-08-15

#### Vulnerability Details

- **Issue**: Red Hat JBoss BPM Suite 6.4.11 Security Update
- **Vulnerability Type**: Deserialization Vulnerability
- **CVE**: CVE-2018-8088
- **Description**: The vulnerability exists in the `EventData` constructor of `slf4j`, which could lead to arbitrary code execution.

#### Affected Products

- **Red Hat JBoss Middleware Text-Only Advisories** for MIDDLEWARE 1 x86_64

#### Solution

- **Before Applying Update**: Back up existing installations, including applications, configuration files, databases, and settings.
- **Update Steps**: Stop the JBoss Application Server process, install the update, then restart the process.

#### Vulnerability Fix and Reporting

- **Fix ID**: BZ - 1548909
- **Reporter**: Chris McCown

#### References

- [Security Updates Classified as Important](https://access.redhat.com/security/updates/classification/#important)
- [List of Security Patches for Related Products](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=rhpam&downloadType=securityPatches&version=6.4)
- [Documentation for Red Hat Process Automation Manager 6.4](https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/6.4/)