CVE-2025-12543
- EPSS 0.15%
- Published 07.01.2026 16:04:22
- Last modified 08.01.2026 23:15:42
A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed ...
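The summary above is cut off before it says what a malformed Host value does, so the following is only an illustration of the check itself: a strict Host header validator written for this page, not Undertow or WildFly code. It implements the RFC 9110 Host syntax (uri-host with an optional port, where uri-host is a reg-name, an IPv4 address or a bracketed IPv6 literal) and then matches the validated host against a hypothetical allowlist of configured virtual hosts. The allowlist, the sample inputs and the function names are assumptions made for the example.

```python
import re
import ipaddress

# Hypothetical set of virtual hosts this server is configured to answer for
# (constructed for this example; it is not an Undertow or WildFly setting).
ALLOWED_HOSTS = frozenset({"app.example.com", "api.example.com"})

# reg-name per RFC 3986 section 3.2.2: unreserved / pct-encoded / sub-delims.
_REG_NAME = re.compile(r"^(?:[A-Za-z0-9\-._~!$&'()*+,;=]|%[0-9A-Fa-f]{2})+$")
# port per RFC 3986: *DIGIT (an empty port after ':' is grammatical).
_PORT = re.compile(r"^[0-9]*$")


def split_host_port(header_value):
    """Split 'uri-host [":" port]' into (host, port_or_None).

    Returns None for anything that is not even structurally a host: an empty
    value, control characters or whitespace (which would also allow header
    injection downstream), unbalanced IPv6 brackets, or more than one ':'
    outside brackets.
    """
    if not header_value or any(c <= " " or c == "\x7f" for c in header_value):
        return None
    if header_value.startswith("["):
        close = header_value.find("]")
        if close == -1:
            return None
        host, rest = header_value[: close + 1], header_value[close + 1 :]
        if rest == "":
            return host, None
        if not rest.startswith(":"):
            return None
        return host, rest[1:]
    if header_value.count(":") > 1:
        return None  # a bare IPv6 address without brackets, or junk
    host, sep, port = header_value.partition(":")
    return host, (port if sep else None)


def is_valid_host_header(header_value):
    """True only if the value is a syntactically valid RFC 9110 Host field."""
    parts = split_host_port(header_value)
    if parts is None:
        return False
    host, port = parts
    if port is not None:
        if not _PORT.match(port) or (port and int(port) > 65535):
            return False
    if host.startswith("["):
        # IP-literal: require a parseable IPv6 address between the brackets
        # (zone identifiers and IPvFuture are deliberately not accepted here).
        try:
            ipaddress.IPv6Address(host[1:-1])
        except ValueError:
            return False
        return True
    # RFC 3986 allows an empty reg-name, but an empty Host cannot be routed,
    # so this validator rejects it (a design choice, not a grammar rule).
    if not host or len(host) > 253:
        return False
    return bool(_REG_NAME.match(host))


def route_host(header_value):
    """Return the canonical configured host for a request, or None.

    Validation comes first (malformed input is rejected before any lookup),
    then a case-insensitive match against the configured virtual hosts.
    """
    if not is_valid_host_header(header_value):
        return None
    host, _port = split_host_port(header_value)
    host = host.lower()
    return host if host in ALLOWED_HOSTS else None


if __name__ == "__main__":
    # Constructed sample inputs: legitimate values first, then malformed ones.
    for sample in ["app.example.com", "API.example.com:8443", "[::1]:8080",
                   "app.example.com\r\nX-Injected: 1", "a:b:c", "app.example.com:99999"]:
        print(repr(sample), "valid:", is_valid_host_header(sample), "route:", route_host(sample))
```

The order matters: syntax is checked before the allowlist lookup, so a value with embedded CR/LF, a path character, or an out-of-range port never reaches routing, logging or any code that might echo it back.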
CVE-2025-23367
- EPSS 0.19%
- Published 30.01.2025 15:15:18
- Last modified 06.12.2025 01:15:48
A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resum...
CVE-2024-12369
- EPSS 0.31%
- Published 09.12.2024 21:15:08
- Last modified 26.01.2026 22:15:52
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorizat...
CVE-2024-4029
- EPSS 0.01%
- Published 02.05.2024 15:15:07
- Last modified 21.11.2024 09:42:03
A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or se...
CVE-2024-1233
- EPSS 0.18%
- Published 09.04.2024 07:15:08
- Last modified 24.10.2025 12:15:36
A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks the jku header and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result ...
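The missing control named above is an allowlist on the jku destination, so here is what that control looks like in isolation. This is an added example written for this page, not JBoss EAP's `JwtValidator` or any of its code: it canonicalises the jku URL, rejects the shapes that commonly get past naive checks (non-https schemes, userinfo tricks, IP-literal hosts, out-of-range ports) and only then compares it with a hypothetical set of configured JWKS endpoints. The allowlist, the function names and the sample token headers are assumptions; no request is actually sent.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist of JWKS endpoints a deployment trusts (constructed for
# this example; JBoss EAP's own configuration is not modelled here).
ALLOWED_JWKS_URIS = frozenset({
    "https://sso.example.com/realms/demo/protocol/openid-connect/certs",
})


def canonical_jwks_uri(url):
    """Return a canonical 'https://host:port/path[?query]' form, or None if the
    URL is unacceptable as a key-fetch target.

    Rejected outright: non-https schemes, userinfo (https://trusted@evil),
    IP-literal hosts (loopback, link-local metadata services, internal ranges),
    out-of-range ports and fragments. The host is lower-cased and the default
    port made explicit so that trivial spelling variants compare equal.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for non-numeric or >65535 ports
    except ValueError:
        return None
    if parts.scheme.lower() != "https":
        return None
    if parts.username is not None or parts.password is not None:
        return None
    host = parts.hostname  # already lower-cased, brackets stripped
    if not host:
        return None
    try:
        ipaddress.ip_address(host)
        return None  # an IP literal, not a name: never a trusted JWKS host
    except ValueError:
        pass  # a DNS name, as expected
    if parts.fragment:
        return None
    canonical = f"https://{host}:{port or 443}{parts.path or '/'}"
    if parts.query:
        canonical += "?" + parts.query
    return canonical


# Pre-canonicalise the allowlist once so comparisons are exact string matches.
_ALLOWED_CANONICAL = frozenset(filter(None, map(canonical_jwks_uri, ALLOWED_JWKS_URIS)))


def resolve_jku(jwt_header):
    """Return the JWKS URL to fetch for this token, or None if it must not be fetched.

    The unsafe pattern is simply 'return jwt_header["jku"]': every token then
    dictates an outbound request from the server. Here the jku is honoured only
    when it canonicalises to a configured endpoint. No path normalisation is
    attempted: '/../' variants simply fail the exact match.
    """
    jku = jwt_header.get("jku")
    if not isinstance(jku, str):
        return None
    canonical = canonical_jwks_uri(jku)
    if canonical is None or canonical not in _ALLOWED_CANONICAL:
        return None
    return canonical


if __name__ == "__main__":
    # Constructed sample JOSE headers: one legitimate, the rest hostile variants.
    for hdr in [
        {"alg": "RS256", "kid": "k1",
         "jku": "https://sso.example.com/realms/demo/protocol/openid-connect/certs"},
        {"alg": "RS256", "kid": "k1",
         "jku": "https://sso.example.com@attacker.example.net/realms/demo/protocol/openid-connect/certs"},
        {"alg": "RS256", "kid": "k1", "jku": "https://169.254.169.254/latest/meta-data/"},
        {"alg": "RS256", "kid": "k1", "jku": "http://sso.example.com/realms/demo/protocol/openid-connect/certs"},
    ]:
        print(hdr["jku"], "->", resolve_jku(hdr))
```

Allowlisting the full URL, not just the host, is deliberate: a JWKS endpoint is a fixed, known location, so there is no reason to let a token choose the path, and the comparison stays a plain set lookup.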
CVE-2022-1278
- EPSS 0.88%
- Published 13.09.2022 14:15:08
- Last modified 21.11.2024 06:40:23
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
CVE-2021-3644
- EPSS 0.44%
- Published 26.08.2022 16:15:09
- Last modified 21.11.2024 06:22:03
A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they ...
CVE-2022-0866
- EPSS 0.27%
- Published 10.05.2022 21:15:08
- Last modified 06.11.2025 11:33:54
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRu...
CVE-2021-3503
- EPSS 0.32%
- Published 18.04.2022 17:15:15
- Last modified 21.11.2024 06:21:41
A flaw was found in WildFly where insufficient RBAC restrictions may lead to exposure of metrics data. The highest threat from this vulnerability is to confidentiality.
CVE-2020-1719
- EPSS 0.12%
- Published 07.06.2021 17:15:07
- Last modified 21.11.2024 05:11:14
A flaw was found in WildFly. The EJBContext principal is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0...