The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of JBoss EAP by Red Hat

WildFly: password leak in log file
An attacker can retrieve usernames and associated passwords in WildFly log files...
13, CVE-2020-25640, RHSA-2021:0246-01, RHSA-2021:0247-01, RHSA-2021:0248-01, RHSA-2021:0250-01, VIGILANCE-VUL-33970
Hibernate ORM: SQL injection via Comments
An attacker can use a SQL injection via Comments of Hibernate ORM, in order to read or alter data...
CVE-2020-25638, DLA-2512-1, RHSA-2020:5174-01, RHSA-2020:5175-01, RHSA-2020:5254-01, RHSA-2020:5340-01, RHSA-2020:5341-01, RHSA-2020:5342-01, RHSA-2020:5344-01, RHSA-2020:5526-01, RHSA-2020:5527-01, RHSA-2020:5528-01, RHSA-2020:5533-01, VIGILANCE-VUL-33940
WildFly: memory leak via Host Controller Connect Loop
An attacker can create a memory leak via Host Controller Connect Loop of WildFly, in order to trigger a denial of service...
CVE-2020-25689, RHSA-2021:0246-01, RHSA-2021:0247-01, RHSA-2021:0248-01, RHSA-2021:0250-01, VIGILANCE-VUL-33757, WFCORE-5105
WildFly OpenSSL: memory leak via HTTP Session End
An attacker can create a memory leak via HTTP Session End of WildFly OpenSSL, in order to trigger a denial of service...
CVE-2020-25644, RHBUG-1885485, RHSA-2020:4256-01, RHSA-2020:4257-01, RHSA-2020:4922-01, RHSA-2020:4923-01, RHSA-2020:4978-01, RHSA-2020:5340-01, RHSA-2020:5341-01, RHSA-2020:5342-01, RHSA-2020:5344-01, VIGILANCE-VUL-33574
FasterXML Jackson Databind: external XML entity injection
An attacker can transmit malicious XML data to FasterXML Jackson Databind, in order to read a file, scan sites, or trigger a denial of service...
CVE-2020-25649, DLA-2406-1, RHSA-2020:4312-01, RHSA-2020:4401-01, RHSA-2020:4402-01, RHSA-2020:5340-01, RHSA-2020:5341-01, RHSA-2020:5342-01, RHSA-2020:5344-01, RHSA-2020:5526-01, RHSA-2020:5527-01, RHSA-2020:5528-01, RHSA-2020:5533-01, VIGILANCE-VUL-33573
XNIO: denial of service via File Descriptor Leak
An attacker can trigger a fatal error via File Descriptor Leak of XNIO, in order to trigger a denial of service...
CVE-2020-14340, RHBUG-1860218, RHSA-2020:4244-01, RHSA-2020:4245-01, RHSA-2020:4246-01, RHSA-2020:4247-01, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33554
PicketBox: privilege escalation via Admin-only Mode Reload
An attacker can bypass restrictions via Admin-only Mode Reload of PicketBox, in order to escalate their privileges...
CVE-2020-14299, RHBUG-1848533, RHSA-2020:4244-01, RHSA-2020:4245-01, RHSA-2020:4246-01, RHSA-2020:4247-01, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33553
Apache HttpClient: information disclosure via java.net.URI Authority Component
An attacker can bypass access restrictions to data via java.net.URI Authority Component of Apache HttpClient, in order to obtain sensitive information...
CVE-2020-13956, DLA-2405-1, DSA-4772-1, RHSA-2021:0246-01, RHSA-2021:0247-01, RHSA-2021:0248-01, RHSA-2021:0250-01, VIGILANCE-VUL-33523
Apache CXF: information disclosure via InstrumentationManager Extension Bus
An attacker can bypass access restrictions to data via InstrumentationManager Extension Bus of Apache CXF, in order to obtain sensitive information...
6344071, cpuoct2020, CVE-2020-1954, RHSA-2020:4244-01, RHSA-2020:4245-01, RHSA-2020:4246-01, RHSA-2020:4247-01, RHSA-2020:4929-01, RHSA-2020:4930-01, RHSA-2020:4931-01, RHSA-2020:4932-01, VIGILANCE-VUL-33515
Apache CXF: information disclosure via OpenID Connect JWK Keys
An attacker can bypass access restrictions to data via OpenID Connect JWK Keys of Apache CXF, in order to obtain sensitive information...
6344071, cpujul2020, cpuoct2020, CVE-2019-12423, RHSA-2020:2058-01, RHSA-2020:2059-01, RHSA-2020:2060-01, RHSA-2020:2061-01, RHSA-2020:2106-01, RHSA-2020:2107-01, RHSA-2020:2108-01, RHSA-2020:2112-01, RHSA-2020:2113-01, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, VIGILANCE-VUL-33511