Wildfly Security Vulnerabilities and Issues — Wildfly CVE List

Lucene search

RedhatWildfly

4 matches found

CVE•added 2020/06/22 6:15 p.m.•225 views

CVE-2020-10740

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.

7.5CVSS7.2AI score0.00635EPSS

CVE•added 2020/09/16 7:15 p.m.•124 views

CVE-2020-10718

A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is ...

7.5CVSS7.2AI score0.0027EPSS

CVE•added 2022/09/13 2:15 p.m.•120 views

CVE-2022-1278

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

7.5CVSS7.3AI score0.00761EPSS

CVE•added 2020/12/08 1:15 a.m.•101 views

CVE-2020-27822

A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. ...

7.1CVSS5.5AI score0.00339EPSS