CPE-153F2D1D-B268-435A-8019-B8AE1B4A171E Detail

CPE Details

Red Hat JBoss Enterprise Application Platform 7.1.1

Vendor

redhat

Product

jboss_enterprise_application_platform

Version

7.1.1

Created

2019-07-22
16h18 +00:00

Modified

2019-07-22
16h18 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.1:::::::*

Informations

Vendor

redhat

Product

jboss_enterprise_application_platform

Version

7.1.1

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2022-0866	2022-05-10 18h20 +00:00	This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.	5.3	Medium
CVE-2019-19343	2021-03-23 19h23 +00:00	A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable.	7.5	High
CVE-2019-14885	2020-01-22 23h00 +00:00	A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.	4.3	Medium

Red Hat JBoss Enterprise Application Platform 7.1.1

CPE Details

CPE Name: cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.1:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.1:::::::*