Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat jboss enterprise application platform - vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2020-1714
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an malicious user to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potent...
Redhat Keycloak
Redhat Decision Manager 7.0
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Process Automation 7.0
Redhat Single Sign-on 7.0
Quarkus Quarkus
8.8
CVSSv3
CVE-2019-14843
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped wit...
Redhat Single Sign-on 7.3
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on -
1 Github repository
8.8
CVSSv3
CVE-2019-10174
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious be...
Infinispan Infinispan
Redhat Fuse 1.0
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform 7.2
Netapp Active Iq Unified Manager -
8.8
CVSSv3
CVE-2019-3894
It exists that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wro...
Redhat Wildfly
Redhat Jboss Enterprise Application Platform 7.0.0
8.8
CVSSv3
CVE-2016-5406
The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x prior to 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.
Redhat Jboss Enterprise Application Platform
8.6
CVSSv3
CVE-2021-3517
There is a flaw in the xml entity encoding functionality of libxml2 in versions prior to 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigger an out-of-bounds read. The most like...
Xmlsoft Libxml2
Redhat Jboss Core Services -
Redhat Enterprise Linux 8.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
Netapp Snapmanager -
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp E-series Santricity Storage Manager -
Netapp Clustered Data Ontap Antivirus Connector -
Netapp Snapdrive -
Netapp Solidfire -
Netapp Hci Management Node -
Netapp Active Iq Unified Manager -
Netapp Santricity Unified Manager -
Netapp Manageability Software Development Kit -
Netapp E-series Santricity Web Services -
Netapp E-series Santricity Os Controller
Netapp Hci H410c Firmware -
8.1
CVSSv3
CVE-2020-1757
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may...
Redhat Undertow 2.0.0
Redhat Undertow 2.0.25
Redhat Undertow 2.0.26
Redhat Undertow 2.0.28
Redhat Undertow
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Fuse 6.0.0
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Single Sign-on 7.0
8.1
CVSSv3
CVE-2016-9606
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an malicious user to execute arbitrary code with RESTEasy application permissions.
Redhat Resteasy
7.8
CVSSv3
CVE-2021-3717
A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This ...
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform -
Redhat Wildfly Core
Redhat Jboss Enterprise Application Platform 7.4
Redhat Jboss Enterprise Application Platform 7.3
7.8
CVSSv3
CVE-2021-3516
There's a flaw in libxml2's xmllint in versions prior to 2.9.11. An attacker who is able to submit a crafted file to be processed by xmllint could trigger a use-after-free. The greatest impact of this flaw is to confidentiality, integrity, and availability.
Xmlsoft Xmllint
Debian Debian Linux 9.0
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Core Services -
Redhat Enterprise Linux 8.0
Netapp Ontap Select Deploy Administration Utility -
Netapp Clustered Data Ontap -
Netapp Clustered Data Ontap Antivirus Connector -
Oracle Zfs Storage Appliance Kit 8.8
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »