8.1

CVE-2025-23368

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.

Data provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
Collection URL https://github.com/wildfly/wildfly-core
Package wildfly-core
Default Status unknown
Version <= 27.0.0.Final
Version 0
Status affected

Vendor Red Hat
Product Red Hat Build of Keycloak
Default Status unaffected

Vendor Red Hat
Product Red Hat Data Grid 8
Default Status affected

Vendor Red Hat
Product Red Hat Fuse 7
Default Status unknown

Vendor Red Hat
Product Red Hat Integration Camel K 1
Default Status affected

Vendor Red Hat
Product Red Hat JBoss Data Grid 7
Default Status unknown

Vendor Red Hat
Product Red Hat JBoss Enterprise Application Platform 7
Default Status affected

Vendor Red Hat
Product Red Hat JBoss Enterprise Application Platform 8
Default Status affected

Vendor Red Hat
Product Red Hat JBoss Enterprise Application Platform Expansion Pack
Default Status unaffected

Vendor Red Hat
Product Red Hat Process Automation 7
Default Status unknown

Vendor Red Hat
Product Red Hat Single Sign-On 7
Default Status unknown

No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.12% 0.324

CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
secalert@redhat.com 8.1 2.2 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-307 Improper Restriction of Excessive Authentication Attempts

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.