Vulnerabilities > Redhat > Jboss Enterprise Application Platform

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-05-28 | CVE-2020-25710 | Reachable Assertion vulnerability in multiple products | A flaw was found in OpenLDAP in versions before 2.4.56. | network | low complexity | openldap redhat debian fedoraproject | CWE-617 | 7.5 |
| 2021-05-27 | CVE-2020-10688 | Cross-site Scripting vulnerability in Red Hat products | A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. | network | | redhat | CWE-79 | 4.3 |
| 2021-05-20 | CVE-2021-3536 | Cross-site Scripting vulnerability in Red Hat products | A flaw was found in WildFly in versions before 23.0.2.Final: while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. | network | | redhat | CWE-79 | 3.5 |
| 2021-03-23 | CVE-2019-19343 | Improper Resource Shutdown or Release vulnerability in multiple products | A flaw was found in Undertow when using Remoting as shipped in Red Hat JBoss EAP before version 7.2.4. | network | low complexity | redhat netapp | CWE-404 | 5.0 |
| 2020-11-02 | CVE-2020-25689 | Memory Leak vulnerability in multiple products | A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. | network | low complexity | redhat netapp | CWE-401 | 6.5 |
| 2020-10-16 | CVE-2020-14299 | Improper Authentication vulnerability in Red Hat products | A flaw was found in JBoss EAP, where the authentication configuration is set up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. | network | | redhat | CWE-287 | 6.3 |
| 2020-10-06 | CVE-2020-25644 | Memory Leak vulnerability in multiple products | A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. | network | low complexity | redhat netapp | CWE-401 | 7.5 |
| 2020-09-23 | CVE-2020-10687 | HTTP Request Smuggling vulnerability in Red Hat Undertow 1.0.0 | A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. | network | high complexity | redhat | CWE-444 | 4.8 |
| 2020-09-16 | CVE-2020-1710 | Unspecified vulnerability in Red Hat products | The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance with RFC 7230[1] as it returns a 200 instead of a 400. | network | low complexity | redhat | | 5.0 |
| 2020-09-09 | CVE-2020-14384 | Unspecified vulnerability in Red Hat JBoss Enterprise Application Platform and JBossWeb | A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. | network | low complexity | redhat | | 5.0 |