Vulnerabilities > Redhat > Wildfly

DATE CVE VULNERABILITY TITLE RISK
2022-09-13 CVE-2022-1278 Insecure Default Initialization of Resource vulnerability in Redhat products
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
network
low complexity
redhat CWE-1188
7.5
2022-05-10 CVE-2022-0866 Incorrect Authorization vulnerability in Redhat products
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal.
network
redhat CWE-863
4.3
2022-04-18 CVE-2021-3503 Unspecified vulnerability in Redhat Wildfly
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data.
network
low complexity
redhat
4.3
2021-06-07 CVE-2020-1719 Privilege Context Switching Error vulnerability in Redhat Wildfly
A flaw was found in wildfly.
network
low complexity
redhat CWE-270
5.5
2021-06-02 CVE-2020-14317 Signal Handler Race Condition vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression.
local
low complexity
redhat CWE-364
4.9
2021-05-20 CVE-2021-3536 Cross-site Scripting vulnerability in Redhat products
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS.
network
redhat CWE-79
3.5
2020-12-08 CVE-2020-27822 Memory Leak vulnerability in Redhat Wildfly
A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final.
network
redhat CWE-401
7.1
2020-11-24 CVE-2020-25640 Information Exposure Through Log Files vulnerability in Redhat Wildfly
A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.
network
high complexity
redhat CWE-532
5.3
2020-11-02 CVE-2020-25689 Memory Leak vulnerability in multiple products
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller.
network
low complexity
redhat netapp CWE-401
6.5
2020-09-16 CVE-2020-10718 Unspecified vulnerability in Redhat Jboss Fuse and Wildfly
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL).
network
low complexity
redhat
5.0