In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. References: http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt
This vulnerability is out of security support scope for the following products: * Red Hat JBoss Fuse 6 * Red Hat JBoss A-MQ 6 * Red Hat JBoss Fuse Service Works 6 * Red Hat JBoss Data Grid 7 Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details
RHV consumes from EAP7 channels which are not affected, hence RHV is also not affected.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-1941