Redhat Data Grid

21 matches found

added 2023/10/04 10:46 a.m., 619 views

CVE-2023-4586

CVE-2023-4586 (Hot Rod client) is described as a vulnerability where the Hot Rod client does not enable hostname validation when using TLS, which could enable a man-in-the-middle (MITM) attack and compromise the confidentiality of communications. The connected materials reaffirm the same issue an...

CVSS 7.4 | AI score 7.2 | EPSS 0.00448

added 2024/08/21 2:13 p.m., 368 views

CVE-2024-7885

CVE-2024-7885 affects Undertow's ProxyProtocolReadListener, where parseProxyProtocolV1 reuses a single StringBuilder across multiple requests, potentially leaking data between requests on the same HTTP connection and, in multi-request environments, exposing previous values. The connected Red Hat ...

CVSS 7.5 | AI score 7.4 | EPSS 0.02644

added 2017/11/09 12:00 a.m., 356 views

CVE-2015-7501

CVE-2015-7501 involves a deserialization flaw in Apache Commons Collections that affects Red Hat JBoss Middleware stack (A-MQ 6.x; BPMS 6.x; BRMS 5.x/6.x; JDG 6.x/5.x; JDV 6.x/5.x; AEP 6.x; Fuse 6.x; FSW 6.x; JBoss ON 3.x; Portal 6.x; SOA-P 5.x; JWS 3.x; OpenShift/xPaaS 3.x; Subscription Asset Ma...

CVSS 10 | AI score 9.7 | EPSS 0.83274

added 2021/05/20 12:15 p.m., 276 views

CVE-2021-3536

CVE-2021-3536 concerns a WildFly/JBoss EAP domain-mode admin console vulnerability allowing XSS via the name field when creating roles, affecting Confidentiality and Integrity. Affected software is WildFly (prior to 23.0.2.Final). The issue arises in the domain mode role-creation flow and can be tr...

CVSS 4.8 | AI score 5 | EPSS 0.00528

added 2021/08/05 8:48 p.m., 216 views

CVE-2021-3642

CVE-2021-3642 describes a timing-attack vulnerability in Wildfly Elytron’s ScramServer, affecting versions prior to 1.10.14.Final, 1.15.5.Final, and 1.16.1.Final. The highest impact is confidentiality; no exploitation details are provided in the documents. Connected advisories (e.g., Red Hat RHSA...

CVSS 5.3 | AI score 5.3 | EPSS 0.00846

added 2020/10/06 12:00 a.m., 211 views

CVE-2020-25644

CVE-2020-25644 is a memory‑leak vulnerability in WildFly OpenSSL (WildFly OpenSSL natives) prior to 1.1.3.Final. The flaw causes a memory leak per HTTP session creation, which can lead to Out-Of-Memory and a denial of service, predominantly affecting availability. Affected component/file: WildFly...

CVSS 7.5 | AI score 6.9 | EPSS 0.02183

added 2019/10/14 2:32 p.m., 166 views

CVE-2019-14838

The CVE-2019-14838 entry concerns WildFly (wildfly-core) prior to 7.2.5.GA, where Management users bearing Monitor, Auditor, or Deployer roles could modify the server’s runtime state due to an authorization misconfiguration. The issue is tied to WildFly/JBoss components, with multiple advisories ...

CVSS 5.2 | AI score 5 | EPSS 0.01141

added 2023/12/18 1:43 p.m., 159 views

CVE-2023-5236

Summary (based on provided sources): CVE-2023-5236 affects Infinispan and is caused by failing to detect circular object references during unmarshalling, enabling a remote-authenticated attacker to insert a crafted object into the cache to trigger out-of-memory conditions and a denial of service....

CVSS 6.5 | AI score 5.3 | EPSS 0.0089

added 2025/03/04 3:14 p.m., 153 views

CVE-2025-23368

CVE-2025-23368 relates to the Wildfly Elytron integration exposing a brute-force risk for CLI authentication. Red Hat’s advisory RHSA-2026:18059 (and CVE-2025-23368‑specific RHSA-2026:18059-CVE-2025-23368) fixes this in Red Hat JBoss Enterprise Application Platform 8.1.6 and WildFly Core updates....

CVSS 8.1 | AI score 8.1 | EPSS 0.00817

added 2026/01/07 4:04 p.m., 150 views

CVE-2025-12543

Undertow core in WildFly/JBoss EAP is affected by CVE-2025-12543 due to improper validation of the Host header in HTTP requests. This can allow cache poisoning, internal network discovery, or user session hijacking. The CVSSv3.1 base score is 9.6 (CRITICAL) with network access, low attack complex...

CVSS 9.6 | AI score 6.2 | EPSS 0.01179

added 2023/12/18 1:43 p.m., 139 views

CVE-2023-3628

CVE-2023-3628 affects Infinispan REST: bulk read endpoints fail to properly enforce user permissions, potentially allowing an authenticated user to access data outside their intended scope. The condition is documented across multiple sources (GHSA-FHR7-8JX4-R9CP, NVD/NVD-linked CVE, and Red Hat a...

CVSS 6.5 | AI score 6.4 | EPSS 0.0064

added 2023/12/18 1:43 p.m., 137 views

CVE-2023-3629

CVE-2023-3629 concerns Infinispan REST: cache retrieval endpoints fail to properly enforce admin permissions, potentially allowing an authenticated user to access data outside their intended permissions. The description in multiple sources confirms an information exposure risk without admin autho...

CVSS 6.5 | AI score 5.3 | EPSS 0.00579

added 2023/12/18 1:43 p.m., 117 views

CVE-2023-5384

CVE-2023-5384 affects Infinispan: when serializing a cache configuration to XML/JSON/YAML that contains credentials (e.g., JDBC store with connection pooling, remote store), the credentials are returned in clear text as part of the configuration. This exposes sensitive data if the configuration i...

CVSS 7.2 | AI score 5.2 | EPSS 0.00543

added 2020/12/03 12:00 a.m., 106 views

CVE-2020-25711

CVE-2020-25711 affects Infinispan 10 REST API where authorization checks are not performed for certain server-management operations. When authz is enabled, any authenticated user can perform actions such as shutting down the server without the ADMIN role, enabling an authorization-check bypass. T...

CVSS 6.5 | AI score 6.5 | EPSS 0.01067

added 2021/06/02 11:02 a.m., 89 views

CVE-2020-10771

The CVE-2020-10771 entry describes a CSRF vulnerability in Infinispan 10: REST endpoints can be exploited via GET requests to perform actions with side effects. This is documented in the NVD entry and mirrored in Red Hat advisories (RHSA) tying the issue to Infinispan REST GET-action handling. Im...

CVSS 7.1 | AI score 6.8 | EPSS 0.00445

added 2026/03/27 4:13 p.m., 88 views

CVE-2026-28369

Undertow contains a vulnerability where the first HTTP header line with leading spaces is stripped, violating HTTP standards and enabling request smuggling. Affected component: Undertow HTTP header parsing. Root cause: improper handling that trims leading spaces on the initial header line. Impact...

CVSS 9.1 | AI score 5.9 | EPSS 0.00677

added 2021/09/21 10:33 a.m., 69 views

CVE-2021-31917

CVE-2021-31917: Affects Red Hat Data Grid 8.x (8.0.0, 8.0.1, 8.1.0, 8.1.1) and Infinispan (10.0.0–12.0.0). Root cause is an authentication bypass on all REST endpoints when Digest authentication is used, exposing data confidentiality, integrity, and availability risks. Remediation in Red Hat advi...

CVSS 9.8 | AI score 9.5 | EPSS 0.01304

added 2026/03/27 4:13 p.m., 65 views

CVE-2026-28367

Undertow contains a flaw that allows HTTP request smuggling by sending a header terminator of \r\r\r. A remote attacker could exploit this against certain proxies (e.g., older Apache Traffic Server, Google Cloud Classic Application Load Balancer) to cause unauthorized access or manipulation of we...

CVSS 9.1 | AI score 5.8 | EPSS 0.00706

added 2025/06/26 9:28 p.m., 41 views

CVE-2025-5731

Summary: CVE-2025-5731 affects the Infinispan CLI, where a credential decoded from a Kubernetes secret is handled in plaintext and can appear in a command string, potentially leaking data in an error message when a command is not found. Root cause: insecure processing/embedding of the decoded sec...

CVSS 5.5 | AI score 7 | EPSS 0.00137

added 2026/03/27 4:13 p.m., 39 views

CVE-2026-28368

A vulnerability (CVE-2026-28368) affects Undertow and involves a discrepancy in header parsing between Undertow and upstream proxies, enabling HTTP request smuggling. Reported across multiple sources (NVD, Debian/Ubuntu OSV, Circl, GitHub advisories, and Nessus plugin) with confirmed references t...

CVSS 9.1 | AI score 5.9 | EPSS 0.00704

added 2026/03/24 4:11 a.m., 28 views

CVE-2026-3260

CVE-2026-3260 affects Undertow and enables Denial of Service via premature multipart/form-data parsing when a GET request with multipart/form-data is processed (e.g., via getParameterMap). The issue is caused by content being parsed and stored to disk during parameter handling, leading to resourc...

CVSS 7.5 | AI score 5.8 | EPSS 0.00441