Lucene search

K

Wildfly-core Security Vulnerabilities

cve
cve

CVE-2023-4061

A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the...

6.5CVSS

5.9AI Score

0.001EPSS

2023-11-08 01:15 AM
127
cve
cve

CVE-2021-3644

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly...

3.3CVSS

3.7AI Score

0.001EPSS

2022-08-26 04:15 PM
73
5
cve
cve

CVE-2021-3629

A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final...

5.9CVSS

6AI Score

0.001EPSS

2022-05-24 07:15 PM
168
9
cve
cve

CVE-2021-3717

A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects...

7.8CVSS

7.2AI Score

0.0004EPSS

2022-05-24 07:15 PM
102
7
cve
cve

CVE-2020-25689

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM)...

6.5CVSS

6.1AI Score

0.001EPSS

2020-11-02 09:15 PM
101
2
cve
cve

CVE-2019-14838

A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the...

4.9CVSS

5AI Score

0.002EPSS

2019-10-14 03:15 PM
95
cve
cve

CVE-2018-10934

A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged...

5.4CVSS

5.5AI Score

0.001EPSS

2019-03-27 01:29 PM
77
cve
cve

CVE-2018-10862

WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip'...

5.5CVSS

5.5AI Score

0.001EPSS

2018-07-27 02:29 PM
73