wildfly vulnerabilities and exploits
7.1
CVSSv2
CVE-2020-27822
A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows a malicious user to impact th...
Redhat Wildfly 19.0.0
Redhat Wildfly 19.1.0
Redhat Wildfly 20.0.0
Redhat Wildfly 20.0.1
Redhat Wildfly 21.0.0
10
CVSSv2
CVE-2018-10682
An issue exists in WildFly 10.1.2.Final. It is possible for a malicious user to access the administration panel on TCP port 9990 without any authentication using "anonymous" access that is automatically created. Once logged in, a misconfiguration present by default (au...
Wildfly Wildfly 10.1.2
NA
CVE-2021-3644
A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access a...
Redhat Decision Manager 7.0
Redhat Wildfly 16.0.0
Redhat Wildfly 17.0.0
5
CVSSv2
CVE-2016-9589
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily be exploited to fill memory with garbage, u...
Redhat Jboss Wildfly Application Server 11.0.0
Redhat Jboss Wildfly Application Server
3.5
CVSSv2
CVE-2020-25640
A flaw exists in WildFly prior to 21.0.0.Final where the resource adapter logs the plain text JMS password at warning level on connection error, inserting sensitive information in the log file.
Redhat Wildfly
5.5
CVSSv2
CVE-2020-1719
A flaw was found in wildfly. The EJBContext principal is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.
Redhat Wildfly
6
CVSSv2
CVE-2020-10740
A vulnerability was found in Wildfly in versions prior to 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly.
Redhat Wildfly
4.3
CVSSv2
CVE-2018-14627
The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are configured with the following setting allow clients to create plaintext connections: <transport-config confidentiality...
Redhat Wildfly
4
CVSSv2
CVE-2021-3503
A flaw was found in Wildfly where insufficient RBAC restrictions may lead to exposure of metrics data. The highest threat from this vulnerability is to confidentiality.
Redhat Wildfly
NA
CVE-2022-41235
Jenkins WildFly Deployer Plugin 1.0.2 and previous versions implement functionality that allows agent processes to read arbitrary files on the Jenkins controller file system.
Jenkins Wildfly Deployer