Vulnerabilities > Redhat > Jboss Enterprise Application Platform > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-05-06 CVE-2020-10693 A flaw was found in Hibernate Validator version 6.1.2.Final.
network
low complexity
redhat ibm quarkus oracle
5.3
2020-05-04 CVE-2020-1732 Improper Input Validation vulnerability in Redhat products
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
network
high complexity
redhat CWE-20
4.2
2020-03-11 CVE-2011-2487 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
network
high complexity
apache redhat CWE-327
5.9
2020-01-23 CVE-2019-14885 Information Exposure Through Log Files vulnerability in Redhat products
A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA.
network
low complexity
redhat CWE-532
4.3
2020-01-08 CVE-2019-14820 Unspecified vulnerability in Redhat products
It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL.
network
low complexity
redhat
4.3
2020-01-02 CVE-2014-0169 Incorrect Authorization vulnerability in Redhat Jboss Enterprise Application Platform 6.0.0
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain.
network
low complexity
redhat CWE-863
6.5
2019-12-11 CVE-2013-6495 Cross-site Scripting vulnerability in Redhat products
JBossWeb Bayeux has reflected XSS
network
low complexity
redhat CWE-79
6.1
2019-11-08 CVE-2019-10219 A vulnerability was found in Hibernate-Validator.
network
low complexity
redhat netapp oracle
6.1
2019-10-14 CVE-2019-14838 Improper Privilege Management vulnerability in Redhat products
A flaw was found in wildfly-core before 7.2.5.GA.
network
low complexity
redhat CWE-269
4.9
2019-08-23 CVE-2019-12400 Improper Input Validation vulnerability in multiple products
In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders.
local
low complexity
apache redhat oracle CWE-20
5.5