Jboss Enterprise Application Platform Expansion Pack Security Vulnerabilities and Issues — Jboss Enterprise Application Platform Expansion Pack CVE List

Lucene search

RedhatJboss Enterprise Application Platform Expansion Pack

6 matches found

CVE•added 2023/09/14 3:15 p.m.•2602 views

CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5CVSS7.3AI score0.0481EPSS

CVE•added 2021/08/05 9:15 p.m.•163 views

CVE-2021-3642

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.

5.3CVSS5.3AI score0.00222EPSS

CVE•added 2021/05/13 2:15 p.m.•135 views

CVE-2021-20250

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.

4.3CVSS4.3AI score0.00171EPSS

CVE•added 2022/03/11 6:15 p.m.•125 views

CVE-2022-0853

A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.

7.5CVSS7.1AI score0.01364EPSS

CVE•added 2022/09/13 2:15 p.m.•116 views

CVE-2022-1278

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

7.5CVSS7.3AI score0.00761EPSS

CVE•added 2024/02/06 9:15 a.m.•115 views

CVE-2023-4503

An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.

7.5CVSS7.2AI score0.00249EPSS