The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of JBoss EAP by Red Hat

WildFly: privilege escalation via EmbeddedManagedProcess API TCCL Setting
An attacker can bypass restrictions via EmbeddedManagedProcess API TCCL Setting of WildFly, in order to escalate his privileges...
CVE-2020-10718, RHSA-2020:3461-01, RHSA-2020:3462-01, RHSA-2020:3463-01, RHSA-2020:3464-01, RHSA-2020:3495-01, RHSA-2020:3496-01, RHSA-2020:3497-01, RHSA-2020:3501-01, RHSA-2020:3637-01, RHSA-2020:3638-01, RHSA-2020:3639-01, RHSA-2020:3642-01, VIGILANCE-VUL-33094
WildFly: privilege escalation via FORM Authentication Session Fixation
An attacker can bypass restrictions via FORM Authentication Session Fixation of WildFly, in order to escalate his privileges...
CVE-2020-10714, RHSA-2020:3461-01, RHSA-2020:3462-01, RHSA-2020:3463-01, RHSA-2020:3464-01, RHSA-2020:3495-01, RHSA-2020:3496-01, RHSA-2020:3497-01, RHSA-2020:3501-01, RHSA-2020:3637-01, RHSA-2020:3638-01, RHSA-2020:3639-01, RHSA-2020:3642-01, VIGILANCE-VUL-33093
Hibernate Validator: privilege escalation via Message Interpolation Processor
An attacker can bypass restrictions via Message Interpolation Processor of Hibernate Validator, in order to escalate his privileges...
6348216, CVE-2020-10693, RHSA-2020:3461-01, RHSA-2020:3462-01, RHSA-2020:3463-01, RHSA-2020:3464-01, RHSA-2020:3495-01, RHSA-2020:3496-01, RHSA-2020:3497-01, RHSA-2020:3501-01, RHSA-2020:3637-01, RHSA-2020:3638-01, RHSA-2020:3639-01, RHSA-2020:3642-01, VIGILANCE-VUL-33092
Undertow: information disclosure via HTTP Requests Invalid Characters
An attacker can bypass access restrictions to data via HTTP Requests Invalid Characters of Undertow, in order to obtain sensitive information...
CVE-2020-10687, RHSA-2020:3461-01, RHSA-2020:3462-01, RHSA-2020:3463-01, RHSA-2020:3464-01, RHSA-2020:3495-01, RHSA-2020:3496-01, RHSA-2020:3497-01, RHSA-2020:3501-01, RHSA-2020:3637-01, RHSA-2020:3638-01, RHSA-2020:3639-01, RHSA-2020:3642-01, VIGILANCE-VUL-33091
Undertow: information disclosure via Field Name Parsing
An attacker can bypass access restrictions to data via Field Name Parsing of Undertow, in order to obtain sensitive information...
CVE-2020-1710, RHSA-2020:3461-01, RHSA-2020:3462-01, RHSA-2020:3463-01, RHSA-2020:3464-01, RHSA-2020:3495-01, RHSA-2020:3496-01, RHSA-2020:3497-01, RHSA-2020:3501-01, RHSA-2020:3637-01, RHSA-2020:3638-01, RHSA-2020:3639-01, RHSA-2020:3642-01, VIGILANCE-VUL-33089
WildFly: denial of service via EJB SessionOpenInvocations
An attacker can trigger a fatal error via EJB SessionOpenInvocations of WildFly, in order to trigger a denial of service...
CVE-2020-14307, RHSA-2020:3141-01, RHSA-2020:3142-01, RHSA-2020:3143-01, RHSA-2020:3144-01, RHSA-2020:3495-01, RHSA-2020:3496-01, RHSA-2020:3497-01, RHSA-2020:3501-01, RHSA-2020:3637-01, RHSA-2020:3638-01, RHSA-2020:3639-01, RHSA-2020:3642-01, VIGILANCE-VUL-32907
WildFly: denial of service via Accumulated EJB Transaction Objects
An attacker can trigger a fatal error via Accumulated EJB Transaction Objects of WildFly, in order to trigger a denial of service...
CVE-2020-14297, RHSA-2020:3141-01, RHSA-2020:3142-01, RHSA-2020:3143-01, RHSA-2020:3144-01, RHSA-2020:3461-01, RHSA-2020:3462-01, RHSA-2020:3463-01, RHSA-2020:3464-01, RHSA-2020:3637-01, RHSA-2020:3638-01, RHSA-2020:3639-01, RHSA-2020:3642-01, VIGILANCE-VUL-32906
Apache Tomcat: overload via WebSocket
An attacker can trigger an overload via WebSocket of Apache Tomcat, in order to trigger a denial of service...
6344075, bulletinjul2020, CERTFR-2020-AVI-626, cpuoct2020, CVE-2020-13935, DLA-2286-1, DSA-2020-211, DSA-4627-1, HPESBUX04015, openSUSE-SU-2020:1102-1, openSUSE-SU-2020:1111-1, RHSA-2020:3382-01, RHSA-2020:3383-01, RHSA-2020:4004-01, SB10332, SUSE-SU-2020:2037-1, SUSE-SU-2020:2045-1, SUSE-SU-2020:2046-1, SUSE-SU-2020:2047-1, SUSE-SU-2020:2611-1, USN-4448-1, USN-4596-1, VIGILANCE-VUL-32793
JBoss RESTEasy: Cross Site Scripting via RESTEASY003870 Exception
An attacker can trigger a Cross Site Scripting via RESTEASY003870 Exception of JBoss RESTEasy, in order to run JavaScript code in the context of the web site...
CVE-2020-10688, RHBUG-1814974, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, VIGILANCE-VUL-32522
JBoss RESTEasy: information disclosure via MediaTypeHeaderDelegate Injection
An attacker can bypass access restrictions to data via MediaTypeHeaderDelegate Injection of JBoss RESTEasy, in order to obtain sensitive information...
CVE-2020-1695, RESTEASY-2559, RHSA-2020:2106-01, RHSA-2020:2107-01, RHSA-2020:2108-01, RHSA-2020:2112-01, RHSA-2020:2113-01, RHSA-2020:2511-01, RHSA-2020:2512-01, RHSA-2020:2513-01, RHSA-2020:2515-01, RHSA-2020:3637-01, RHSA-2020:3638-01, RHSA-2020:3639-01, RHSA-2020:3642-01, VIGILANCE-VUL-32521