CVE-2026-1190
- EPSS 0.05%
- Published 26.01.2026 19:36:53
- Last modified 27.01.2026 14:59:34
A flaw was found in Keycloak's SAML brokering functionality. When Keycloak is configured as a client in a Security Assertion Markup Language (SAML) setup, it fails to validate the `NotOnOrAfter` timestamp within the `SubjectConfirmationData`. This al...
CVE-2025-14969
- EPSS 0.01%
- Published 26.01.2026 19:36:40
- Last modified 27.01.2026 14:59:34
A flaw was found in Hibernate Reactive. When an HTTP endpoint is exposed to perform database operations, a remote client can prematurely close the HTTP connection. This action may lead to leaking connections from the database connection pool, potenti...
CVE-2026-1035
- EPSS 0.03%
- Published 21.01.2026 05:52:22
- Last modified 26.01.2026 15:04:59
A flaw was found in the Keycloak server during refresh token processing, specifically in the TokenManager class responsible for enforcing refresh token reuse policies. When strict refresh token rotation is enabled, the validation and update of refres...
CVE-2026-1180
- EPSS 0.04%
- Published 20.01.2026 12:33:00
- Last modified 26.01.2026 15:05:23
A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the d...
CVE-2026-0976
- EPSS 0.04%
- Published 15.01.2026 12:06:21
- Last modified 16.01.2026 15:55:33
A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker...
CVE-2025-9784
- EPSS 0.05%
- Published 02.09.2025 13:37:59
- Last modified 08.01.2026 23:15:43
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload b...
CVE-2025-7784
- EPSS 0.01%
- Published 18.07.2025 13:48:45
- Last modified 11.08.2025 19:16:40
A flaw was found in the Keycloak identity and access management system when Fine-Grained Admin Permissions (FGAPv2) are enabled. An administrative user with the manage-users role can escalate their privileges to realm-admin due to improper privilege e...
CVE-2025-5731
- EPSS 0.02%
- Published 26.06.2025 21:28:59
- Last modified 08.01.2026 04:15:55
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
CVE-2025-2251
- EPSS 3.84%
- Published 07.04.2025 14:15:24
- Last modified 14.07.2025 20:15:26
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw ...
CVE-2025-2901
- EPSS 0.03%
- Published 28.03.2025 14:15:22
- Last modified 20.06.2025 12:15:21
Rejected reason: This vulnerability is redundant to CVE-2025-23366 and CVE-2024-10234.