Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 7.1.2

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-10	CVE-2022-0866	Incorrect Authorization vulnerability in Redhat products This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. network redhat CWE-863	4.3
2021-03-23	CVE-2019-19343	Improper Resource Shutdown or Release vulnerability in multiple products A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. network low complexity redhat netapp CWE-404	5.0
2020-01-23	CVE-2019-14885	Information Exposure Through Log Files vulnerability in Redhat products A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. network low complexity redhat CWE-532	4.3
2018-09-11	CVE-2016-7066	Permission Issues vulnerability in Redhat Jboss Enterprise Application Platform It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. local low complexity redhat CWE-275	7.8
2018-02-26	CVE-2018-7489	Deserialization of Untrusted Data vulnerability in multiple products FasterXML jackson-databind before 2.7.9.3, 2.8.x before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. network low complexity fasterxml debian oracle redhat CWE-502 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.