8 results (0.011 seconds)

CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. Se ha encontrado un fallo en WildFly, en el que un atacante puede visualizar los nombres de los despliegues, los endpoints y cualquier otro dato que pueda contener la carga útil de rastreo A flaw was found in WildFly. This flaw allows an attacker to see deployment names, endpoints, and any other data the trace payload may contain. • https://bugzilla.redhat.com/show_bug.cgi?id=2073401 https://access.redhat.com/security/cve/CVE-2022-1278 • CWE-1188: Initialization of a Resource with an Insecure Default •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality. Se ha encontrado un fallo en Wildfly en el que unas restricciones RBAC insuficientes pueden conllevar a una exposición de datos de métricas. La mayor amenaza de esta vulnerabilidad es la confidencialidad. • https://access.redhat.com/security/cve/CVE-2021-3503 https://bugzilla.redhat.com/show_bug.cgi?id=1942693 https://github.com/advisories/GHSA-c4r5-xvgw-2942 https://github.com/wildfly/wildfly/pull/14136 https://issues.redhat.com/browse/WFLY-11933 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0

A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity. Se ha encontrado un fallo en wildfly-core en todas las versiones. Si una expresión de bóveda está en la forma de un solo atributo que contiene múltiples expresiones, un usuario al que le ha sido concedido acceso a la interfaz de administración puede potencialmente acceder a una expresión de bóveda a la que no debería poder acceder y posiblemente recuperar el elemento que estaba almacenado en la bóveda. • https://access.redhat.com/security/cve/CVE-2021-3644 https://bugzilla.redhat.com/show_bug.cgi?id=1976052 https://github.com/wildfly/wildfly-core/commit/06dd9884f6ba50470b1fb5a35198a8784f037714 https://github.com/wildfly/wildfly-core/commit/6d8db43cd43b5994b7a14003db978064e086090b https://github.com/wildfly/wildfly-core/pull/4668 https://issues.redhat.com/browse/WFCORE-5511 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.8EPSS: 0%CPEs: 9EXPL: 0

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity. Se encontró un fallo en Wildfly en versiones anteriores a 23.0.2.Final, mientras se crea un nuevo rol en el modo de dominio por medio de la consola de administración, es posible agregar una carga útil en el campo name, conllevando a una vulnerabilidad de tipo XSS. Esto afecta la Confidencialidad y la Integridad A flaw was found in Wildfly. While creating a new role in the domain mode via the admin console, it is possible to add a payload in the name field, leading to a Cross-site scripting attack (XSS). • https://bugzilla.redhat.com/show_bug.cgi?id=1948001 https://access.redhat.com/security/cve/CVE-2021-3536 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0

A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. Se detectó un fallo en WildFly versiones anteriores a 21.0.0.Final donde, el adaptador de Recursos registra una contraseña JMS de texto plano en el nivel de advertencia en caso de error de conexión, insertando información confidencial en el archivo de registro A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data confidentiality. • https://bugzilla.redhat.com/show_bug.cgi?id=1881637 https://github.com/amqphub/amqp-10-resource-adapter/issues/13 https://security.netapp.com/advisory/ntap-20201210-0001 https://access.redhat.com/security/cve/CVE-2020-25640 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •