Red hat Jboss Enterprise Application Platform Vulnerabilities

Remote Code Execution Vulnerability in WildFly and JBoss EAP

CVE-2025-2251

Red HatRed Hat Jboss Enterpri...6.2MEDIUM

Out-of-Memory Vulnerability in Smallrye's Fault Tolerance Feature

CVE-2025-2240

Red HatRed Hat Build Of Apach...7.5HIGH

Unauthorized Data Access via Incorrect Cookie Parsing

CVE-2023-4639

Red HatMigration Toolkit For ...7.4HIGH

Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism

CVE-2023-1973

Red HatRed Hat Jboss Enterpri...7.5HIGH

HTML Injection Vulnerability in Hibernate Validator

CVE-2023-1932

Red HatA-MQ Clients 26.1MEDIUM

Wildfly Deployment System Vulnerability: Cross-Site Scripting Attacks Possible

CVE-2024-10234

Red Hat7.3HIGH

Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information

CVE-2024-8883

Red HatRed Hat Build Of Keycloak6.1MEDIUM

Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks

CVE-2024-8698

Red HatRed Hat Build Of Keycloak👾🟡EPSS 76%📰7.7HIGH

Flaw in JBoss EAP OIDC Implementation Allows Access to Multiple Tenants Without Logout

CVE-2023-6236

Red HatRed Hat Jboss Enterpri...7.3HIGH

Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service

CVE-2023-5685

Red HatEap 7.4.147.5HIGH

Potential Path Traversal Vulnerability in Undertow Could Allow Access to Privileged Files

CVE-2024-1459

Red HatRed Hat Jboss Enterpri...5.3MEDIUM

Unsecured Server Provisioning Vulnerability in Galleon

CVE-2023-4503

Red HatEap 7.4.146.8MEDIUM

Keycloak: redirect_uri validation bypass

CVE-2023-6291

Red HatRed Hat Build Of Keycl...7.1HIGH

Heap exhaustion via deserialization

CVE-2023-3171

Red Hateap7.5HIGH

Infinispan: non-admins should not be able to get cache config via rest api

CVE-2023-3629

Red HatRed Hat Data Grid 8.4.44.3MEDIUM

Infispan: rest bulk ops don't check permissions

CVE-2023-3628

Red HatRed Hat Data Grid 8.4.46.5MEDIUM

Undertow: ajp request closes connection exceeding maxrequestsize

CVE-2023-5379

Red HatRed Hat Jboss Enterpri...7.5HIGH

Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor

CVE-2023-4061

Red HatEap 7.4.136.5MEDIUM

Undertow: outofmemoryerror due to @multipartconfig handling

CVE-2023-3223

Red HatRed Hat Fuse 7.12.17.5HIGH

Codehaus-plexus: xml external entity (xxe) injection

CVE-2022-4245

Red HatRhint Camel-k-1.10.14.3MEDIUM

Codehaus-plexus: directory traversal

CVE-2022-4244

Red HatRhint Camel-k-1.10.17.5HIGH

Infinite loop in sslconduit during close

CVE-2023-1108

Red Hatundertow7.5HIGH

Drools: unsafe data deserialization in streamutils

CVE-2022-1415

Red HatRHPam 7.13.1 Async8.1HIGH

Authorization Bypass in Red Hat JBoss Products

CVE-2012-5626

Red HatJboss Brms7.5HIGH

Improper Default Permissions in JBoss Enterprise Application Platform by Red Hat

CVE-2016-7066

Red HatJboss Enterprise Appli...7.8HIGH

Vulnerability Published:

Sort By:

7 April 2025

Remote Code Execution Vulnerability in WildFly and JBoss EAP

12 March 2025

Out-of-Memory Vulnerability in Smallrye's Fault Tolerance Feature

17 November 2024

Unauthorized Data Access via Incorrect Cookie Parsing

7 November 2024

Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism

HTML Injection Vulnerability in Hibernate Validator

22 October 2024

Wildfly Deployment System Vulnerability: Cross-Site Scripting Attacks Possible

19 September 2024

Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information

Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks

10 April 2024

Flaw in JBoss EAP OIDC Implementation Allows Access to Multiple Tenants Without Logout

22 March 2024

Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service

12 February 2024

Potential Path Traversal Vulnerability in Undertow Could Allow Access to Privileged Files

6 February 2024

Unsecured Server Provisioning Vulnerability in Galleon

26 January 2024

Keycloak: redirect_uri validation bypass

27 December 2023

Heap exhaustion via deserialization

18 December 2023

Infinispan: non-admins should not be able to get cache config via rest api

Infispan: rest bulk ops don't check permissions

12 December 2023

Undertow: ajp request closes connection exceeding maxrequestsize

8 November 2023

Wildfly-core: management user rbac permission allows unexpected reading of system-properties to an unauthorized actor

27 September 2023

Undertow: outofmemoryerror due to @multipartconfig handling

25 September 2023

Codehaus-plexus: xml external entity (xxe) injection

Codehaus-plexus: directory traversal

14 September 2023

Infinite loop in sslconduit during close

11 September 2023

Drools: unsafe data deserialization in streamutils

23 January 2020

Authorization Bypass in Red Hat JBoss Products

11 September 2018

Improper Default Permissions in JBoss Enterprise Application Platform by Red Hat