CPE-84A763A4-6D69-428B-874E-6570D3001F0A Detail

CPE Details

Red Hat WildFly 21.0.0

Vendor

redhat

Product

wildfly

Version

21.0.0

Created

2020-11-16
13h59 +00:00

Modified

2020-11-16
13h59 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:redhat:wildfly:21.0.0:::::::*

Informations

Vendor

redhat

Product

wildfly

Version

21.0.0

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2022-1278	2022-09-13 11h38 +00:00	A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.	7.5	High
CVE-2022-0866	2022-05-10 18h20 +00:00	This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it's also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled.	5.3	Medium
CVE-2021-3503	2022-04-18 14h20 +00:00	A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confidentiality.	4.3	Medium
CVE-2021-3536	2021-05-20 10h15 +00:00	A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.	4.8	Medium
CVE-2020-27822	2020-12-07 23h07 +00:00	A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability.	5.9	Medium
CVE-2020-25689	2020-10-29 23h00 +00:00	A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections which are not properly closed while not able to connect to domain-controller. This flaw allows an attacker to cause an Out of memory (OOM) issue, leading to a denial of service. The highest threat from this vulnerability is to system availability.	6.5	Medium

Red Hat WildFly 21.0.0

CPE Details

CPE Name: cpe:2.3:a:redhat:wildfly:21.0.0:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:redhat:wildfly:21.0.0:::::::*