Lucene search

K
RedhatJboss Enterprise Application Platform*

6 matches found

CVE
CVE
added 2020/01/23 10:15 p.m.218 views

CVE-2019-14885

A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential informatio...

5.4CVSS4.4AI score0.00323EPSS
CVE
CVE
added 2021/03/23 9:15 p.m.145 views

CVE-2019-19343

A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be...

7.5CVSS7.3AI score0.00507EPSS
CVE
CVE
added 2018/07/26 5:29 p.m.112 views

CVE-2017-12167

It was found in EAP 7 before 7.0.9 that properties based files of the management and the application realm configuration that contain user to role mapping are world readable allowing access to users and roles information to all the users logged in to the system.

5.5CVSS7AI score0.00051EPSS
CVE
CVE
added 2020/10/16 2:15 p.m.89 views

CVE-2020-14299

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user a...

6.5CVSS6.3AI score0.00096EPSS
CVE
CVE
added 2018/09/10 4:29 p.m.79 views

CVE-2016-7061

An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.

6.5CVSS6.3AI score0.00591EPSS
CVE
CVE
added 2018/09/11 2:29 p.m.74 views

CVE-2016-7066

It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.

7.8CVSS7.6AI score0.00027EPSS