Vulnerabilities > Redhat > Jboss Enterprise Application Platform > 7.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-10 | CVE-2022-0866 | Incorrect Authorization vulnerability in Redhat products This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. | 4.3 |
| 2021-05-27 | CVE-2020-10688 | Cross-site Scripting vulnerability in Redhat products A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. | 4.3 |
| 2020-09-23 | CVE-2020-10687 | HTTP Request Smuggling vulnerability in Redhat Undertow 1.0.0 A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. | 4.8 |
| 2020-07-06 | CVE-2019-14900 | SQL Injection vulnerability in multiple products A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. | 6.5 |
| 2020-05-26 | CVE-2020-10719 | HTTP Request Smuggling vulnerability in multiple products A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. | 6.5 |
| 2020-01-27 | CVE-2020-7238 | HTTP Request Smuggling vulnerability in multiple products Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. | 7.5 |
| 2019-10-02 | CVE-2019-10212 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. | 4.3 |
| 2019-09-26 | CVE-2019-16869 | HTTP Request Smuggling vulnerability in multiple products Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling. | 7.5 |
| 2019-07-25 | CVE-2019-10184 | Missing Authorization vulnerability in multiple products undertow before version 2.0.23.Final is vulnerable to an information leak issue. | 5.0 |
| 2018-09-11 | CVE-2016-7066 | Permission Issues vulnerability in Redhat Jboss Enterprise Application Platform It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. | 7.8 |