Wildfly Security Vulnerabilities and Issues — Wildfly CVE List

Lucene search

RedhatWildfly

8 matches found

CVE•added 2020/06/22 6:15 p.m.•228 views

CVE-2020-10740

A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly.

7.5CVSS7.2AI score0.00635EPSS

CVE•added 2020/07/24 4:15 p.m.•167 views

CVE-2020-14297

A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may get accumulated over the time and can cause services to slow down and eventaully unavailable. An attacker can take advantage and cause denial of service attack and make...

6.5CVSS6.1AI score0.00384EPSS

CVE•added 2020/11/02 9:15 p.m.•141 views

CVE-2020-25689

A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue...

6.8CVSS6.1AI score0.00238EPSS

CVE•added 2020/07/24 4:15 p.m.•140 views

CVE-2020-14307

A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft...

6.5CVSS6.1AI score0.00415EPSS

CVE•added 2020/09/16 7:15 p.m.•124 views

CVE-2020-10718

A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from this vulnerability is ...

7.5CVSS7.2AI score0.0027EPSS

CVE•added 2020/03/16 3:15 p.m.•121 views

CVE-2019-14887

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. Thi...

9.1CVSS8.7AI score0.00177EPSS

CVE•added 2020/11/24 7:15 p.m.•102 views

CVE-2020-25640

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

5.3CVSS5.2AI score0.00354EPSS

CVE•added 2020/12/08 1:15 a.m.•101 views

CVE-2020-27822

A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. ...

7.1CVSS5.5AI score0.00339EPSS