Vulnerabilities > Redhat > Jboss Enterprise Application Platform > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-06 | CVE-2023-4503 | Improper Initialization vulnerability in Redhat products An improper initialization vulnerability was found in Galleon. | 7.5 |
| 2023-12-27 | CVE-2023-3171 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat Jboss Enterprise Application Platform 7.4 A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. | 7.5 |
| 2023-12-12 | CVE-2023-5379 | Allocation of Resources Without Limits or Throttling vulnerability in Redhat products A flaw was found in Undertow. | 7.5 |
| 2023-10-10 | CVE-2023-44487 | Resource Exhaustion vulnerability in multiple products The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | 7.5 |
| 2023-09-27 | CVE-2023-3223 | Unspecified vulnerability in Redhat products A flaw was found in undertow. | 7.5 |
| 2023-09-14 | CVE-2023-1108 | Infinite Loop vulnerability in multiple products A flaw was found in undertow. | 7.5 |
| 2023-02-23 | CVE-2022-4492 | Unspecified vulnerability in Redhat products The undertow client is not checking the server identity presented by the server certificate in https connections. | 7.5 |
| 2023-01-13 | CVE-2022-3143 | Information Exposure Through Discrepancy vulnerability in Redhat products wildfly-elytron: possible timing attacks via use of unsafe comparator. | 7.4 |
| 2022-08-31 | CVE-2022-1259 | Resource Exhaustion vulnerability in multiple products A flaw was found in Undertow. | 7.5 |
| 2022-08-26 | CVE-2021-3859 | Information Exposure Through Process Environment vulnerability in multiple products A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. | 7.5 |