Vulnerabilities > Redhat > Wildfly

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-10718 Unspecified vulnerability in Redhat Jboss Fuse and Wildfly
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL).
network
low complexity
redhat
7.5
2020-06-22 CVE-2020-10740 Deserialization of Untrusted Data vulnerability in Redhat Wildfly
A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.
network
high complexity
redhat CWE-502
7.5
2020-03-16 CVE-2019-14887 Unspecified vulnerability in Redhat products
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored.
network
low complexity
redhat
critical
9.1
2019-05-03 CVE-2019-3894 Unspecified vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as.
network
low complexity
redhat
8.8
2019-05-03 CVE-2019-3805 Improper Privilege Management vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly
A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system.
local
high complexity
redhat CWE-269
4.7
2018-09-04 CVE-2018-14627 Cleartext Transmission of Sensitive Information vulnerability in Redhat Wildfly
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required.
network
high complexity
redhat CWE-319
5.9
2018-05-09 CVE-2018-10683 Improper Authentication vulnerability in Redhat Wildfly 10.1.2
An issue was discovered in WildFly 10.1.2.Final.
network
low complexity
redhat CWE-287
critical
9.8