Jboss_enterprise_application_platform
(Redhat)| Repositories |
•
https://github.com/FasterXML/jackson-databind
• https://github.com/qos-ch/slf4j • https://github.com/bcgit/bc-java • https://github.com/apache/cxf • https://github.com/wildfly-security/jboss-negotiation |
| #Vulnerabilities | 138 |
| Date | ID | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2020-01-08 | CVE-2019-14820 | It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized information. | Jboss_enterprise_application_platform, Jboss_fuse, Keycloak, Single_sign\-On | N/A | |
| 2020-01-07 | CVE-2019-14843 | A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue. | Jboss_enterprise_application_platform, Single_sign\-On | N/A | |
| 2020-01-02 | CVE-2014-0169 | In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application. | Jboss_enterprise_application_platform | N/A | |
| 2019-11-08 | CVE-2019-10219 | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. | Hibernate\-Validator, Jboss_data_grid, Jboss_enterprise_application_platform, Single_sign\-On | N/A | |
| 2019-12-18 | CVE-2012-2312 | An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges. | Jboss_application_server, Jboss_enterprise_application_platform | N/A | |
| 2019-12-11 | CVE-2013-6495 | JBossWeb Bayeux has reflected XSS | Jboss_enterprise_application_platform, Jboss_portal | N/A | |
| 2019-10-14 | CVE-2019-14838 | A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server | Jboss_enterprise_application_platform, Wildfly_core | N/A | |
| 2019-11-18 | CVE-2019-10172 | A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes. | Jackson\-Mapper\-Asl, Jboss_enterprise_application_platform, Jboss_fuse | N/A | |
| 2016-09-01 | CVE-2016-2183 | The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | Content_security_management_appliance, Openssl, Database, Python, Enterprise_linux, Jboss_enterprise_application_platform, Jboss_enterprise_web_server, Jboss_web_server | 7.5 | |
| 2018-05-21 | CVE-2018-1067 | In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. | Jboss_enterprise_application_platform, Undertow, Virtualization | 6.1 |