Redhat Wildfly_elytron
4 CVEs affecting Redhat Wildfly_elytron. Latest disclosed: 2023-01-13. Critical: 0, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-10714 | High | 7.5 | 2020-09-23 | A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker c… |
| CVE-2020-1748 | High | 7.5 | 2020-09-16 | A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using cu… |
| CVE-2022-3143 | High | 7.4 | 2023-01-13 | wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in sev… |
| CVE-2021-3642 | Medium | 5.3 | 2021-08-05 | A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to… |