CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-1278 – WildFly: possible information disclosure
https://notcve.org/view.php?id=CVE-2022-1278
13 Sep 2022 — A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. Se ha encontrado un fallo en WildFly, en el que un atacante puede visualizar los nombres de los despliegues, los endpoints y cualquier otro dato que pueda contener la carga útil de rastreo A flaw was found in WildFly. This flaw allows an attacker to see deployment names, endpoints, and any other data the trace payload may contain. AMQ Broker is a high-performance messaging im... • https://bugzilla.redhat.com/show_bug.cgi?id=2073401 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3503
https://notcve.org/view.php?id=CVE-2021-3503
18 Apr 2022 — A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality. Se ha encontrado un fallo en Wildfly en el que unas restricciones RBAC insuficientes pueden conllevar a una exposición de datos de métricas. La mayor amenaza de esta vulnerabilidad es la confidencialidad. • https://access.redhat.com/security/cve/CVE-2021-3503 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-3536 – wildfly: XSS via admin console when creating roles in domain mode
https://notcve.org/view.php?id=CVE-2021-3536
20 May 2021 — A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity. Se encontró un fallo en Wildfly en versiones anteriores a 23.0.2.Final, mientras se crea un nuevo rol en el modo de dominio por medio de la consola de administración, es posible agregar una carga útil en el campo name, conllevando a una vulnerabilidad de tipo XSS. Esto af... • https://bugzilla.redhat.com/show_bug.cgi?id=1948001 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2020-27822 – wildfly: Potential Memory leak in Wildfly when using OpenTracing
https://notcve.org/view.php?id=CVE-2020-27822
08 Dec 2020 — A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability. Se encontró un fallo en Wildfly afectando a versiones 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final y 21.0.0.Final. • https://bugzilla.redhat.com/show_bug.cgi?id=1904060 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2020-25640 – wildfly: resource adapter logs plaintext JMS password at warning level on connection error
https://notcve.org/view.php?id=CVE-2020-25640
24 Nov 2020 — A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. Se detectó un fallo en WildFly versiones anteriores a 21.0.0.Final donde, el adaptador de Recursos registra una contraseña JMS de texto plano en el nivel de advertencia en caso de error de conexión, insertando información confidencial en el archivo de registro A flaw was found in wildfly. JMS passwords are logged by t... • https://bugzilla.redhat.com/show_bug.cgi?id=1881637 • CWE-209: Generation of Error Message Containing Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 12EXPL: 1CVE-2020-25689 – wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller
https://notcve.org/view.php?id=CVE-2020-25689
30 Oct 2020 — A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability. Se encontró una fallo de filtrado de memoria en WildFly en todas las versiones hasta 21.0.0.Final, donde el c... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25689 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-10740 – wildfly: unsafe deserialization in Wildfly Enterprise Java Beans
https://notcve.org/view.php?id=CVE-2020-10740
22 Jun 2020 — A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB) due to lack of validation/filtering capabilities in wildfly. Se encontró una vulnerabilidad en Wildfly en versiones anteriores a 20.0.0.Final, donde es posible un ataque de deserialización remota en Enterprise Application Beans (EJB) debido a una falta de capacidades de validación y filtrado en wildfly A flaw was found in Wildfly. A remote deseriali... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10740 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-1719 – Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain
https://notcve.org/view.php?id=CVE-2020-1719
11 May 2020 — A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected. Se ha encontrado un fallo en wildfly. • https://bugzilla.redhat.com/show_bug.cgi?id=1796617 • CWE-270: Privilege Context Switching Error •