Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Jboss Enterprise Application Platform Expansion Pack
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-4503 1 Redhat 3 Enterprise Linux, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Expansion Pack 2024-02-14 N/A 7.5 HIGH
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
CVE-2023-1108 2 Netapp, Redhat 17 Oncommand Workflow Automation, Build Of Quarkus, Decision Manager and 14 more 2023-12-10 N/A 7.5 HIGH
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
CVE-2022-1278 1 Redhat 8 Amq, Amq Online, Integration Camel K and 5 more 2023-12-10 N/A 7.5 HIGH
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
CVE-2022-0853 1 Redhat 5 Descision Manager, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Expansion Pack and 2 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
CVE-2021-20250 1 Redhat 2 Jboss-ejb-client, Jboss Enterprise Application Platform Expansion Pack 2023-12-10 4.0 MEDIUM 4.3 MEDIUM
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
CVE-2021-3642 2 Quarkus, Redhat 13 Quarkus, Build Of Quarkus, Codeready Studio and 10 more 2023-12-10 3.5 LOW 5.3 MEDIUM
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.