Red Hat JBoss Enterprise Application Platform (EAP) Expansion Pack

CPE Details

Red Hat JBoss Enterprise Application Platform (EAP) Expansion Pack
redhat
jboss_enterprise_application_platform_expansion_pack
-
2021-05-19
12h03 +00:00
2021-08-13
14h54 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:redhat:jboss_enterprise_application_platform_expansion_pack:-:*:*:*:*:*:*:*

Informations

Vendor

redhat

Product

jboss_enterprise_application_platform_expansion_pack

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-4503 2024-02-06 08h39 +00:00 An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
7.5
High
CVE-2023-1108 2023-09-14 14h48 +00:00 A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
7.5
High
CVE-2022-1278 2022-09-13 11h38 +00:00 A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
7.5
High
CVE-2022-0853 2022-03-11 16h54 +00:00 A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
7.5
High
CVE-2021-3642 2021-08-05 18h48 +00:00 A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
5.3
Medium
CVE-2021-20250 2021-05-13 11h35 +00:00 A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
4.3
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.