Jboss Data Grid Security Vulnerabilities and Issues — Jboss Data Grid CVE List

Lucene search

RedhatJboss Data Grid

5 matches found

CVE•added 2019/06/12 2:29 p.m.•319 views

CVE-2019-3888

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)

9.8CVSS9.1AI score0.00569EPSS

CVE•added 2020/03/02 5:15 p.m.•206 views

CVE-2019-14892

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.

9.8CVSS9.4AI score0.00873EPSS

CVE•added 2019/10/02 7:15 p.m.•189 views

CVE-2019-10212

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

9.8CVSS9AI score0.00466EPSS

CVE•added 2020/03/16 3:15 p.m.•113 views

CVE-2019-14887

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. Thi...

9.1CVSS8.7AI score0.00177EPSS

CVE•added 2020/01/02 3:15 p.m.•104 views

CVE-2019-10158

A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

9.8CVSS9.3AI score0.00509EPSS