Vulnerabilities > Redhat > Jboss Enterprise Application Platform

DATE CVE VULNERABILITY TITLE RISK
2022-05-24 CVE-2021-3717 Files or Directories Accessible to External Parties vulnerability in Redhat products
A flaw was found in Wildfly.
local
low complexity
redhat CWE-552
7.8
2022-05-10 CVE-2022-0866 Incorrect Authorization vulnerability in Redhat products
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal.
network
low complexity
redhat CWE-863
5.3
2022-03-11 CVE-2022-0853 Memory Leak vulnerability in Redhat products
A flaw was found in JBoss-client.
network
low complexity
redhat CWE-401
7.5
2021-12-23 CVE-2021-20318 Unspecified vulnerability in Redhat Jboss Enterprise Application Platform 7.3.9/7.4.0
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978.
network
low complexity
redhat
7.2
2021-12-14 CVE-2021-4104 Deserialization of Untrusted Data vulnerability in multiple products
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration.
network
high complexity
apache fedoraproject redhat oracle CWE-502
7.5
2021-10-08 CVE-2021-32029 Out-of-bounds Read vulnerability in multiple products
A flaw was found in postgresql.
network
low complexity
postgresql redhat CWE-125
6.5
2021-08-05 CVE-2021-3642 A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled.
network
high complexity
redhat quarkus
5.3
2021-06-02 CVE-2020-14340 A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles.
network
high complexity
redhat oracle
5.9
2021-06-02 CVE-2020-14317 Unspecified vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression.
local
low complexity
redhat
5.5
2021-06-01 CVE-2021-32027 A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22.
network
low complexity
postgresql redhat
8.8