Redhat

Jboss Enterprise Application Platform Expansion Pack

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2025-9784

  • EPSS 0.22%
  • Veröffentlicht 02.09.2025 13:37:59
  • Zuletzt bearbeitet 24.09.2025 14:15:52

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload b...

6.5

CVE-2025-7784

  • EPSS 0.01%
  • Veröffentlicht 18.07.2025 13:48:45
  • Zuletzt bearbeitet 11.08.2025 19:16:40

A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions(FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege e...

5.5

CVE-2025-5731

  • EPSS 0.02%
  • Veröffentlicht 26.06.2025 21:28:59
  • Zuletzt bearbeitet 02.09.2025 18:04:30

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

6.2

CVE-2025-2251

  • EPSS 2.03%
  • Veröffentlicht 07.04.2025 14:15:24
  • Zuletzt bearbeitet 14.07.2025 20:15:26

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw ...

4.6

CVE-2025-2901

  • EPSS 0.03%
  • Veröffentlicht 28.03.2025 14:15:22
  • Zuletzt bearbeitet 20.06.2025 12:15:21

Rejected reason: This vulnerability is redundant to CVE-2025-23366 and CVE-2024-10234.

6.5

CVE-2025-23366

  • EPSS 0.05%
  • Veröffentlicht 14.01.2025 18:16:06
  • Zuletzt bearbeitet 14.01.2025 18:16:06

A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authentica...

7.5

CVE-2023-4503

  • EPSS 0.19%
  • Veröffentlicht 06.02.2024 09:15:52
  • Zuletzt bearbeitet 21.11.2024 08:35:18

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the serve...

7.5

CVE-2023-1108

  • EPSS 2.56%
  • Veröffentlicht 14.09.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5

CVE-2022-1278

  • EPSS 0.88%
  • Veröffentlicht 13.09.2022 14:15:08
  • Zuletzt bearbeitet 21.11.2024 06:40:23

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

7.5

CVE-2022-0853

Exploit
  • EPSS 1.7%
  • Veröffentlicht 11.03.2022 18:15:25
  • Zuletzt bearbeitet 21.11.2024 06:39:31

A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.