Vulnerabilities > Redhat > Wildfly > 21.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-13 | CVE-2022-1278 | Insecure Default Initialization of Resource vulnerability in Redhat products A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. | 7.5 |
| 2022-05-10 | CVE-2022-0866 | Incorrect Authorization vulnerability in Redhat products This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. | 5.3 |
| 2022-04-18 | CVE-2021-3503 | Unspecified vulnerability in Redhat Wildfly A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. | 4.3 |
| 2021-05-20 | CVE-2021-3536 | Cross-site Scripting vulnerability in Redhat products A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. | 4.8 |