Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 7.1.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2022-0866 | Incorrect Authorization vulnerability in Redhat products This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. | 5.3 |
| 2021-03-23 | CVE-2019-19343 | Improper Resource Shutdown or Release vulnerability in multiple products A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. | 7.5 |
| 2020-01-23 | CVE-2019-14885 | Information Exposure Through Log Files vulnerability in Redhat products A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. | 4.3 |
| 2019-03-27 | CVE-2018-10934 | Cross-site Scripting vulnerability in Redhat products A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. | 5.4 |
| 2018-09-11 | CVE-2016-7066 | Permission Issues vulnerability in Redhat Jboss Enterprise Application Platform It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. | 7.8 |
| 2018-08-20 | CVE-2018-1000632 | XML Injection (aka Blind XPath Injection) vulnerability in multiple products dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. | 7.5 |
| 2018-07-27 | CVE-2017-2670 | Infinite Loop vulnerability in multiple products It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. | 7.5 |
| 2018-07-27 | CVE-2017-2595 | Path Traversal vulnerability in Redhat Jboss Enterprise Application Platform It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. | 6.5 |
| 2018-07-27 | CVE-2017-12165 | HTTP Request Smuggling vulnerability in Redhat Undertow It was discovered that Undertow before 1.4.17, 1.3.31 and 2.0.0 processes http request headers with unusual whitespaces which can cause possible http request smuggling. | 7.5 |
| 2018-07-27 | CVE-2018-10862 | Path Traversal vulnerability in Redhat products WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. | 5.5 |