Red Hat Wildfly vulnerabilities

5 known vulnerabilities affecting red_hat/wildfly.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2020-14297 | MEDIUM | CVSS 6.5 | Affected: jboss-ejb-client as shipped with Red Hat JBoss EAP 7 | Published: 2020-07-24
CWE-400. A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat JBoss EAP 7, where some specific EJB transaction objects may accumulate over time and cause services to slow down and eventually become unavailable. An attacker can take advantage of this to cause a denial of service and make services unavailable.
Sources: cvelistv5, nvd
CVE-2020-14307 | MEDIUM | CVSS 6.5 | Affected: jboss-ejb-client versions shipped with Red Hat JBoss EAP 7 | Published: 2020-07-24
CWE-404. A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) versions shipped with Red Hat JBoss EAP 7, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the service unav
Sources: cvelistv5, nvd
CVE-2019-14887 | CRITICAL | CVSS 9.1 | Affected: 7.2.0.GA, 7.2.3.GA, 7.2.5.CR2 | Published: 2020-03-16
CWE-757. A flaw was found: when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed ov
Sources: cvelistv5, nvd
CVE-2019-3894 | HIGH | CVSS 8.8 | Affected: versions from 11 to 16 | Published: 2019-05-03
CWE-358. It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.
Sources: cvelistv5, nvd
CVE-2019-3805 | MEDIUM | CVSS 4.7 | Affected: versions up to 16.0.0.Final | Published: 2019-05-03
CWE-364. A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute the init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/, allowing the init.d script to terminate any process as root.
Sources: cvelistv5