Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 6.4.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-23 | CVE-2019-19343 | Improper Resource Shutdown or Release vulnerability in multiple products A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. | 7.5 |
| 2020-01-23 | CVE-2019-14885 | Information Exposure Through Log Files vulnerability in Redhat products A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. | 4.3 |
| 2018-09-10 | CVE-2016-7061 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. | 6.5 |
| 2018-07-26 | CVE-2017-12167 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. | 5.5 |
| 2016-09-26 | CVE-2016-5406 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. | 8.8 |
| 2016-09-26 | CVE-2016-4993 | HTTP Response Splitting vulnerability in Redhat Jboss Enterprise Application Platform CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 6.1 |