Jboss Data Grid@- Security Vulnerabilities and Issues — Jboss Data Grid@- CVE List

Lucene search

RedhatJboss Data Grid-

3 matches found

CVE•added 2020/03/02 5:15 p.m.•205 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.

9.8CVSS9.4AI score0.00873EPSS

CVE•added 2020/01/23 5:15 p.m.•157 views

CVE-2019-14888

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

7.5CVSS7.2AI score0.00342EPSS

CVE•added 2020/09/16 3:15 p.m.•153 views

CVE-2020-1710

The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.

5.3CVSS4.9AI score0.00157EPSS