Jboss Enterprise Application Platform

jboss_enterprise_application_platform

Vendor: Redhat • 243 CVEs

CVEs (243)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-1732 1Redhat 4Jboss Enterprise Application Platform Jboss Enterprise Application Platform Continuous DeliveryOpenshift Application Runtimes+1 more Nov 21, 2024 May 4, 2020 N/A· v4 4.2 MEDIUM· v3 4.9 MEDIUM· v2 A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead t...Show more A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.Show less
CVE-2020-1757 1Redhat 6Jboss Data Grid Jboss Enterprise Application PlatformJboss Fuse+3 more Nov 21, 2024 Apr 21, 2020 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize...Show more A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.Show less
CVE-2019-14887 1Redhat 6Jboss Data Grid Jboss Enterprise Application PlatformJboss Fuse+3 more Nov 21, 2024 Mar 16, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the...Show more A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.Show less
CVE-2011-2487 2Apache Redhat 10Cxf Jboss Business Rules Management SystemJboss Enterprise Application Platform+7 more Nov 21, 2024 Mar 11, 2020 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
CVE-2019-14892 3Apache FasterxmlRedhat 8Decision Manager GeodeJackson Databind+5 more Nov 21, 2024 Mar 2, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An atta...Show more A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.Show less
CVE-2019-20445 6Apache CanonicalDebian+3 more 7Debian Linux FedoraJboss Amq Clients+4 more Nov 21, 2024 Jan 29, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
CVE-2019-20444 5Canonical DebianFedoraproject+2 more 6Debian Linux FedoraJboss Amq Clients+3 more Jul 1, 2025 Jan 29, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CVE-2020-7238 4Debian FedoraprojectNetty+1 more 6Debian Linux FedoraJboss Enterprise Application Platform+3 more Nov 21, 2024 Jan 27, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an inc...Show more Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.Show less
CVE-2019-14885 1Redhat 2Jboss Enterprise Application Platform Single Sign On Nov 21, 2024 Jan 23, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI...Show more A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.Show less
CVE-2012-5626 1Redhat 6Jboss Brms Jboss Enterprise Application PlatformJboss Enterprise Web Server+3 more Nov 21, 2024 Jan 23, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterp...Show more EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.Show less
CVE-2019-14888 2Netapp Redhat 6Active Iq Unified Manager Jboss Data GridJboss Enterprise Application Platform+3 more Nov 21, 2024 Jan 23, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on...Show more A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.Show less
CVE-2019-14820 1Redhat 4Jboss Enterprise Application Platform Jboss FuseKeycloak+1 more Nov 21, 2024 Jan 8, 2020 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker...Show more It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information.Show less
CVE-2019-14843 1Redhat 2Jboss Enterprise Application Platform Single Sign On Nov 21, 2024 Jan 7, 2020 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized informatio...Show more A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.Show less
CVE-2014-0169 1Redhat 1Jboss Enterprise Application Platform Nov 21, 2024 Jan 2, 2020 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resourc...Show more In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application.Show less
CVE-2012-2312 1Redhat 2Jboss Application Server Jboss Enterprise Application Platform Nov 21, 2024 Dec 18, 2019 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security contex...Show more An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.Show less
CVE-2013-6495 1Redhat 2Jboss Enterprise Application Platform Jboss Portal Nov 21, 2024 Dec 11, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 JBossWeb Bayeux has reflected XSS
CVE-2019-10174 3Infinispan NetappRedhat 7Active Iq Unified Manager FuseInfinispan+4 more Nov 21, 2024 Nov 25, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The att...Show more A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious behavior into the application.Show less
CVE-2019-10172 4Apache DebianFasterxml+1 more 5Debian Linux Jackson Mapper AslJboss Enterprise Application Platform+2 more Nov 21, 2024 Nov 18, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.
CVE-2019-10219 3Netapp OracleRedhat 188Access Manager Active Iq Unified ManagerAgile Engineering Data Management+185 more Jul 7, 2025 Nov 8, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can r...Show more A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.Show less
CVE-2019-0210 3Apache OracleRedhat 3Communications Cloud Native Core Network Slice Selection Function Jboss Enterprise Application PlatformThrift Nov 21, 2024 Oct 29, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.

Previous 1 2 345...13 Next