Red Hat JBoss Enterprise Application Platform vulnerabilities

241 known vulnerabilities affecting redhat/jboss_enterprise_application_platform.

Total CVEs: 241
CISA KEV: 6 (actively exploited)
Public exploits: 14
Exploited in wild: 8
Severity breakdown: CRITICAL 36, HIGH 86, MEDIUM 102, LOW 17

Vulnerabilities

Page 3 of 13
CVE-2021-4104 [HIGH] CVSS 7.5 | versions: v6.0.0, v7.0 | 2021-12-14
CWE-502: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228.
Source: nvd
CVE-2021-32029 [MEDIUM] CVSS 6.5 | versions: v7.0.0 | 2021-10-08
CWE-200: A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
Source: nvd
CVE-2021-3642 [MEDIUM] CVSS 5.3 | versions: v7.0.0 | 2021-08-05
CWE-203: A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Source: nvd
CVE-2020-14340 [MEDIUM] CVSS 5.9 | versions: v5.0.0, v6.0.0 | 2021-06-02
CWE-400: A vulnerability was discovered in XNIO where a file descriptor leak is caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
Source: nvd
CVE-2021-32027 [HIGH] CVSS 8.8 | versions: v7.0.0 | 2021-06-01
CWE-190: A flaw was found in postgresql in versions before 13.3, before 12.7, before 11.12, before 10.17 and before 9.6.22. While modifying certain SQL array values, missing bounds checks let authenticated database users write arbitrary bytes to a wide area of server memory. The highest threat from this vulnerability is to data confidentiality and integrity as
Source: nvd
CVE-2020-25710 [HIGH] CVSS 7.5 | versions: v5.0.0 | 2021-05-28
CWE-617: A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability.
Source: nvd
CVE-2020-10688 [MEDIUM] CVSS 6.1 | versions: v7.3, v7.4 | 2021-05-27
CWE-79: A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Source: nvd
CVE-2021-3536 [MEDIUM] CVSS 4.8 | versions: v7.0 | 2021-05-20
CWE-79: A flaw was found in Wildfly in versions before 23.0.2.Final: while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
Source: nvd
CVE-2019-19343 [HIGH] CVSS 7.5 | fixed in 7.2.4 | 2021-03-23
CWE-400: A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.
Source: nvd
CVE-2020-25689 [MEDIUM] CVSS 6.5 | versions: v7.0.0 | 2020-11-02
CWE-401: A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat
Source: nvd
CVE-2020-14299 [MEDIUM] CVSS 6.5 | fixed in 5.0.3 | 2020-10-16
CWE-287: A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is
Source: nvd
CVE-2020-25644 [HIGH] CVSS 7.5 | versions: v7.0.0 | 2020-10-06
CWE-401: A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability.
Source: nvd
CVE-2020-10687 [MEDIUM] CVSS 4.8 | versions: v7.2, v7.3, +1 more | 2020-09-23
A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other tha
Source: nvd
CVE-2020-1710 [MEDIUM] CVSS 5.3 | versions: v6.4.21, v7.0.0, +3 more | 2020-09-16
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
Sources: cvelistv5, nvd
CVE-2020-14384 [HIGH] CVSS 7.5 | versions: v6.0.0 | 2020-09-09
A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability.
Source: nvd
CVE-2019-14900 [MEDIUM] CVSS 6.5 | versions: v7.3, v7.4, +1 more | 2020-07-06
CWE-89: A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks
Source: nvd
CVE-2020-10705 [HIGH] CVSS 7.5 | versions: v7.2 | 2020-06-10
CWE-770: A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
Source: nvd
CVE-2020-10719 [MEDIUM] CVSS 6.5 | versions: v7.3, v7.4, +1 more | 2020-05-26
CWE-444: A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes. This flaw allows an attacker to take advantage of HTTP request smuggling.
Source: nvd
CVE-2020-10693 [MEDIUM] CVSS 5.3 | versions: v7.2.0, v7.3.0 | 2020-05-06
CWE-20: A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.
Source: nvd
CVE-2020-1732 [MEDIUM] CVSS 4.2 | versions: v7.0.0 | 2020-05-04
CWE-284: A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
Source: nvd