Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat jboss enterprise application platform vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2017-7503
It was found that the Red Hat JBoss EAP 7.0.5 implementation of javax.xml.transform.TransformerFactory is vulnerable to XXE. An attacker could use this flaw to launch DoS or SSRF attacks, or read files from the server where EAP is deployed.
Redhat Jboss Enterprise Application Platform 7.0.5
NA
CVE-2023-3171
A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an malicious user to submit malicious requests using these classes, which could eventually exhaus...
Redhat Jboss Enterprise Application Platform 7.4
Redhat Jboss Enterprise Application Platform -
5
CVSSv2
CVE-2020-14384
A flaw was found in JBossWeb in versions prior to 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat ...
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jbossweb
6.5
CVSSv2
CVE-2019-3894
It exists that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wro...
Redhat Wildfly
Redhat Jboss Enterprise Application Platform 7.0.0
5
CVSSv2
CVE-2010-2493
The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) t...
Redhat Jboss Enterprise Soa Platform 4.3.0
Redhat Jboss Enterprise Soa Platform 5.0.0
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Soa Platform
6.8
CVSSv2
CVE-2011-1484
jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and previous versions, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expres...
Redhat Jboss Seam 2 Framework
Redhat Jboss Seam 2 Framework 2.2.1
Redhat Jboss Seam 2 Framework 2.1.2
Redhat Jboss Seam 2 Framework 2.0.0
Redhat Jboss Seam 2 Framework 2.0.2
Redhat Jboss Seam 2 Framework 2.1.1
Redhat Jboss Enterprise Soa Platform 4.3.0
Redhat Jboss Seam 2 Framework 2.2.0
Redhat Jboss Seam 2 Framework 2.1.0
Redhat Jboss Enterprise Application Platform 5.1.0
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Seam 2 Framework 2.0.1
Redhat Jboss Enterprise Soa Platform 5.1.0
Redhat Jboss Seam 2 Framework 2.0.3
NA
CVE-2023-3628
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform 6
Redhat Data Grid
Infinispan Infinispan -
NA
CVE-2023-3629
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. This issue could allow an authenticated user to access information outside of their intended permissions.
Redhat Data Grid
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform 6
Infinispan Infinispan -
7.5
CVSSv2
CVE-2014-3490
RESTEasy 2.3.1 prior to 2.3.8.SP2 and 3.x prior to 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote malicious users to...
Redhat Jboss Enterprise Application Platform 6.3.0
Redhat Resteasy 3.0
Redhat Resteasy
NA
CVE-2023-4061
A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from th...
Redhat Jboss Enterprise Application Platform -
Redhat Wildfly Core
Redhat Jboss Enterprise Application Platform 7.4
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »