Vulnerabilities > Redhat > Wildfly
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-13 | CVE-2022-1278 | Insecure Default Initialization of Resource vulnerability in Redhat products A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | 7.5 |
2022-08-26 | CVE-2021-3644 | Unspecified vulnerability in Redhat Descision Manager and Wildfly A flaw was found in wildfly-core in all versions. | 3.3 |
2022-05-10 | CVE-2022-0866 | Incorrect Authorization vulnerability in Redhat products This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. | 5.3 |
2022-04-18 | CVE-2021-3503 | Unspecified vulnerability in Redhat Wildfly A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. | 4.3 |
2021-06-07 | CVE-2020-1719 | Unspecified vulnerability in Redhat Wildfly A flaw was found in wildfly. | 5.4 |
2021-06-02 | CVE-2020-14317 | Unspecified vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. | 5.5 |
2021-05-20 | CVE-2021-3536 | Cross-site Scripting vulnerability in Redhat products A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. | 4.8 |
2020-12-08 | CVE-2020-27822 | Unspecified vulnerability in Redhat Wildfly A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. | 5.9 |
2020-11-24 | CVE-2020-25640 | Information Exposure Through Log Files vulnerability in Redhat Wildfly A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. | 5.3 |
2020-11-02 | CVE-2020-25689 | A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. | 6.5 |