Vulnerabilities > Redhat > Jboss Data Grid

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-1710 Unspecified vulnerability in Redhat products
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
network
low complexity
redhat
5.3
2020-07-06 CVE-2019-14900 SQL Injection vulnerability in multiple products
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1.
network
low complexity
hibernate redhat quarkus CWE-89
6.5
2020-04-21 CVE-2020-1757 Improper Input Validation vulnerability in Redhat products
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
network
low complexity
redhat CWE-20
8.1
2020-03-16 CVE-2019-14887 Unspecified vulnerability in Redhat products
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored.
network
low complexity
redhat
critical
9.1
2020-03-02 CVE-2019-14892 Deserialization of Untrusted Data vulnerability in multiple products
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes.
network
low complexity
fasterxml redhat apache CWE-502
critical
9.8
2020-01-23 CVE-2019-14888 A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS.
network
low complexity
redhat netapp
7.5
2020-01-02 CVE-2019-10158 Session Fixation vulnerability in multiple products
A flaw was found in Infinispan through version 9.4.14.Final.
network
low complexity
infinispan redhat CWE-384
critical
9.8
2019-11-25 CVE-2019-10174 Unsafe Reflection vulnerability in multiple products
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges.
network
low complexity
infinispan redhat netapp CWE-470
8.8
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1
2019-10-02 CVE-2019-10212 Information Exposure Through Log Files vulnerability in multiple products
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security.
network
low complexity
redhat netapp CWE-532
critical
9.8