Red Hat Jboss Eap vulnerabilities

CVE-2019-14885 [MEDIUM] CWE-532 CVE-2019-14885: A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential informa A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.

CVE-2014-0169 [MEDIUM] CWE-863 CVE-2014-0169: In JBoss EAP 6 a security domain is configured to use a cache that is shared between all application In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented whi