Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 6.3.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-03-23 | CVE-2019-19343 | Improper Resource Shutdown or Release vulnerability in multiple products A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. | 5.0 |
| 2020-01-23 | CVE-2019-14885 | Information Exposure Through Log Files vulnerability in Redhat products A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. | 4.3 |
| 2018-09-10 | CVE-2016-7061 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. | 6.5 |
| 2018-07-26 | CVE-2017-12167 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system. | 2.1 |
| 2017-09-19 | CVE-2015-1849 | Information Exposure vulnerability in Redhat Jboss Enterprise Application Platform AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows attackers to obtain sensitive information via vectors involving logging the LDAP bind credential password when TRACE logging is enabled. | 4.3 |
| 2016-09-26 | CVE-2016-5406 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. | 6.5 |
| 2016-09-26 | CVE-2016-4993 | CRLF Injection vulnerability in Redhat products CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 4.3 |
| 2015-12-16 | CVE-2015-5304 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors. | 3.5 |
| 2015-04-21 | CVE-2014-3586 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Enterprise Application Platform The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified vectors. | 2.1 |