Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 7.2.0

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-10	CVE-2022-0866	Incorrect Authorization vulnerability in Redhat products This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. network low complexity redhat CWE-863	5.3
2021-03-23	CVE-2019-19343	Improper Resource Shutdown or Release vulnerability in multiple products A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. network low complexity redhat netapp CWE-404	7.5
2020-09-16	CVE-2020-1710	Unspecified vulnerability in Redhat products The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400. network low complexity redhat	5.3
2020-05-06	CVE-2020-10693	A flaw was found in Hibernate Validator version 6.1.2.Final. network low complexity redhat ibm quarkus oracle	5.3
2020-01-23	CVE-2019-14885	Information Exposure Through Log Files vulnerability in Redhat products A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. network low complexity redhat CWE-532	4.3
2020-01-08	CVE-2019-14820	Unspecified vulnerability in Redhat products It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. network low complexity redhat	4.3
2020-01-07	CVE-2019-14843	Incorrect Authorization vulnerability in Redhat products A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. network low complexity redhat CWE-863	8.8
2019-10-29	CVE-2019-0210	Out-of-bounds Read vulnerability in multiple products In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data. network low complexity apache redhat oracle CWE-125	7.5
2019-10-29	CVE-2019-0205	Infinite Loop vulnerability in multiple products In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. network low complexity apache redhat oracle CWE-835	7.5
2019-10-14	CVE-2019-14838	Improper Privilege Management vulnerability in Redhat products A flaw was found in wildfly-core before 7.2.5.GA. network low complexity redhat CWE-269	4.9

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.