Vulnerabilities > Redhat > Wildfly > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-10 | CVE-2022-0866 | Incorrect Authorization vulnerability in Redhat products. This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. | 4.3 |
2022-04-18 | CVE-2021-3503 | Unspecified vulnerability in Redhat Wildfly. A flaw was found in Wildfly where insufficient RBAC restrictions may lead to exposure of metrics data. | 4.3 |
2021-06-07 | CVE-2020-1719 | Privilege Context Switching Error vulnerability in Redhat Wildfly. A flaw was found in wildfly. | 5.5 |
2021-06-02 | CVE-2020-14317 | Signal Handler Race Condition vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly. It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD), introducing a regression. | 4.9 |
2020-11-24 | CVE-2020-25640 | Information Exposure Through Log Files vulnerability in Redhat Wildfly. A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain text JMS password at warning level on connection error, inserting sensitive information in the log file. | 5.3 |
2020-11-02 | CVE-2020-25689 | Memory Leak vulnerability in multiple products. A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where the host-controller tries to reconnect in a loop, generating new connections which are not properly closed, while it is not able to connect to the domain-controller. | 6.5 |
2020-09-16 | CVE-2020-10718 | Unspecified vulnerability in Redhat Jboss Fuse and Wildfly. A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). | 5.0 |
2020-03-16 | CVE-2019-14887 | Unspecified vulnerability in Redhat products. A flaw was found where, when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. | 6.4 |
2019-05-03 | CVE-2019-3894 | Unspecified vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly. It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. | 6.5 |
2019-05-03 | CVE-2019-3805 | Improper Privilege Management vulnerability in Redhat Jboss Enterprise Application Platform and Wildfly. A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute the init.d script to terminate arbitrary processes on the system. | 4.7 |