Redhat

Wildfly

20 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.14%
  • Published 09.12.2024 21:15:08
  • Last modified 02.10.2025 12:15:28

A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorizat...

  • EPSS 0.01%
  • Published 02.05.2024 15:15:07
  • Last modified 21.11.2024 09:42:03

A vulnerability was found in Wildfly’s management interface. Due to the lack of limitation of sockets for the management interface, it may be possible to cause a denial of service hitting the nofile limit as there is no possibility to configure or se...

  • EPSS 0.18%
  • Published 09.04.2024 07:15:08
  • Last modified 21.11.2024 08:50:07

A flaw was found in `JwtValidator.resolvePublicKey` in JBoss EAP, where the validator checks jku and sends an HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result ...

  • EPSS 0.88%
  • Published 13.09.2022 14:15:08
  • Last modified 21.11.2024 06:40:23

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

  • EPSS 0.44%
  • Published 26.08.2022 16:15:09
  • Last modified 21.11.2024 06:22:03

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they ...

  • EPSS 0.15%
  • Published 10.05.2022 21:15:08
  • Last modified 21.11.2024 06:39:33

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRu...

  • EPSS 0.45%
  • Published 18.04.2022 17:15:15
  • Last modified 21.11.2024 06:21:41

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to exposure of metrics data. The highest threat from this vulnerability is to confidentiality.

  • EPSS 0.12%
  • Published 07.06.2021 17:15:07
  • Last modified 21.11.2024 05:11:14

A flaw was found in wildfly. The EJBContext principal is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0...

  • EPSS 0.03%
  • Published 02.06.2021 12:15:08
  • Last modified 21.11.2024 05:02:59

It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file i...

  • EPSS 0.28%
  • Published 20.05.2021 13:15:07
  • Last modified 21.11.2024 06:21:47

A flaw was found in Wildfly in versions before 23.0.2.Final. While creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.