Redhat Wildfly
18 CVEs affecting Redhat Wildfly. Latest disclosed: 2025-01-30. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2018-10683 | Critical | 9.8 | 2018-05-09 | An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can successfully access… |
| CVE-2019-14887 | Critical | 9.1 | 2020-03-16 | A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker… |
| CVE-2019-3894 | High | 8.8 | 2019-05-03 | It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These… |
| CVE-2022-1278 | High | 7.5 | 2022-09-13 | A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. |
| CVE-2020-10718 | High | 7.5 | 2020-09-16 | A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classload… |
| CVE-2020-10740 | Medium | 6.6 | 2020-06-22 | A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise Application Beans(EJB… |
| CVE-2025-23367 | Medium | 6.5 | 2025-01-30 | A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role… |
| CVE-2020-27822 | Medium | 5.9 | 2020-12-08 | A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTraci… |
| CVE-2020-14317 | Medium | 5.5 | 2021-06-02 | It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery… |
| CVE-2020-1719 | Medium | 5.4 | 2021-06-07 | A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from… |
| CVE-2022-0866 | Medium | 5.3 | 2022-05-10 | This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs pri… |
| CVE-2020-25640 | Medium | 5.3 | 2020-11-24 | A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensi… |
| CVE-2020-25689 | Medium | 5.3 | 2020-11-02 | A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating new connections whic… |
| CVE-2018-14627 | Medium | 5.3 | 2018-09-04 | The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before this version that are… |
| CVE-2021-3536 | Medium | 4.8 | 2021-05-20 | A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in… |
| CVE-2019-3805 | Medium | 4.7 | 2019-05-03 | A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processe… |
| CVE-2021-3503 | Medium | 4.3 | 2022-04-18 | A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vulnerability is to the confiden… |
| CVE-2021-3644 | Low | 3.3 | 2022-08-26 | A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was… |