Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat jboss enterprise application platform vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2021-32027
A flaw was found in postgresql in versions prior to 13.3, prior to 12.7, prior to 11.12, prior to 10.17 and prior to 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The...
Postgresql Postgresql
Redhat Enterprise Linux 7.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
3.5
CVSSv2
CVE-2018-10934
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions prior to 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
Redhat Jboss Enterprise Application Platform 7.0
Redhat Jboss Enterprise Application Platform 7.1.0
Redhat Single Sign-on 7.2
6.4
CVSSv2
CVE-2019-14887
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potent...
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Single Sign-on 7.0
Redhat Wildfly 7.2.0
Redhat Wildfly 7.2.3
Redhat Wildfly 7.2.5
3.5
CVSSv2
CVE-2021-3642
A flaw was found in Wildfly Elytron in versions before 1.10.14.Final, before 1.15.5.Final and before 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Redhat Wildfly Elytron
Redhat Build Of Quarkus -
Redhat Codeready Studio 12.0
Redhat Data Grid 8.0
Redhat Descision Manager 7.0
Redhat Integration Camel K -
Redhat Integration Camel Quarkus
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Process Automation 7.0
Quarkus Quarkus
4.3
CVSSv2
CVE-2020-10688
A cross-site scripting (XSS) flaw was found in RESTEasy in versions prior to 3.11.1.Final and prior to 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Resteasy
Redhat Fuse 1.0
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
5
CVSSv2
CVE-2020-25710
A flaw was found in OpenLDAP in versions prior to 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Openldap Openldap
Redhat Enterprise Linux 7.0
Redhat Enterprise Linux 6.0
Redhat Jboss Enterprise Web Server 2.0.0
Redhat Enterprise Linux 5.0
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Core Services -
Debian Debian Linux 9.0
Fedoraproject Fedora 33
6.5
CVSSv2
CVE-2019-14843
A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped wit...
Redhat Single Sign-on 7.3
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on -
1 Github repository
7.5
CVSSv2
CVE-2019-14892
A flaw exists in jackson-databind in versions prior to 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
Fasterxml Jackson-databind
Redhat Jboss Enterprise Application Platform 7.0
Redhat Decision Manager 7.0
Redhat Jboss Fuse 7.0.0
Redhat Process Automation 7.0
Redhat Jboss Data Grid 7.0.0
Redhat Openshift Container Platform 4.3
Redhat Jboss Data Grid -
Apache Geode 1.12.0
1 Github repository
4.3
CVSSv2
CVE-2019-10212
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
Redhat Undertow
Redhat Jboss Data Grid -
Redhat Jboss Data Grid
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Fuse
Redhat Openshift Application Runtimes -
Redhat Single Sign-on
Netapp Active Iq Unified Manager -
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
5
CVSSv2
CVE-2019-14888
A vulnerability was found in the Undertow HTTP server in versions prior to 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
Redhat Undertow
Redhat Jboss Data Grid -
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Fuse 6.0.0
Redhat Jboss Fuse 7.0.0
Redhat Single Sign-on 7.0
Netapp Active Iq Unified Manager -
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
CVE-2006-4304
wireless
CVE-2023-23022
local file inclusion
CVE-2024-27058
CVE-2024-33820
open redirect
CVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »