Redhat

Data Grid

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.4

CVE-2023-4586

  • EPSS 0.13%
  • Veröffentlicht 04.10.2023 11:15:10
  • Zuletzt bearbeitet 21.11.2024 08:35:29

A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.

9.8

CVE-2021-31917

  • EPSS 0.43%
  • Veröffentlicht 21.09.2021 11:15:07
  • Zuletzt bearbeitet 21.11.2024 06:06:30

A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass authentication on all REST endpoints when DIGEST is used as the authentication method. The highest threat from t...

5.3

CVE-2021-3642

  • EPSS 0.27%
  • Veröffentlicht 05.08.2021 21:15:13
  • Zuletzt bearbeitet 21.11.2024 06:22:03

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

7.1

CVE-2020-10771

  • EPSS 0.09%
  • Veröffentlicht 02.06.2021 12:15:07
  • Zuletzt bearbeitet 21.11.2024 04:56:02

A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests. This flaw allows an attacker to perform a cross-site request forgery (CSRF) attack.

4.8

CVE-2021-3536

  • EPSS 0.28%
  • Veröffentlicht 20.05.2021 13:15:07
  • Zuletzt bearbeitet 21.11.2024 06:21:47

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.

6.5

CVE-2020-25711

  • EPSS 0.18%
  • Veröffentlicht 03.12.2020 17:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:32

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server w...

7.5

CVE-2020-25644

  • EPSS 0.6%
  • Veröffentlicht 06.10.2020 14:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:19

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availab...

4.9

CVE-2019-14838

  • EPSS 0.4%
  • Veröffentlicht 14.10.2019 15:15:09
  • Zuletzt bearbeitet 21.11.2024 04:27:28

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server

10

CVE-2015-7501

  • EPSS 71.46%
  • Veröffentlicht 09.11.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x...