Redhat Wildfly_core
6 CVEs affecting Redhat Wildfly_core. Latest disclosed: 2025-03-04. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2025-23368 | High | 8.1 | 2025-03-04 | A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within… |
| CVE-2021-3717 | High | 7.8 | 2022-05-24 | A flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all u… |
| CVE-2023-4061 | Medium | 6.5 | 2023-11-08 | A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildf… |
| CVE-2021-3629 | Medium | 5.9 | 2022-05-24 | A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of serv… |
| CVE-2018-10862 | Medium | 5.5 | 2018-07-27 | WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwr… |
| CVE-2019-14838 | Medium | 4.9 | 2019-10-14 | A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime sta… |