Known Vulnerabilities for Wildfly by Redhat
Listed below are 10 of the newest known vulnerabilities associated with "Wildfly" by "Redhat".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-3644 | A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains mu... | 3.3 - LOW | 2022-08-26 | 2022-08-31 |
| CVE-2021-3536 | A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, i... | 4.8 - MEDIUM | 2021-05-20 | 2021-05-26 |
| CVE-2021-3503 | A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from thi... | 4.3 - MEDIUM | 2022-04-18 | 2022-10-25 |
| CVE-2020-27822 | A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When... | 5.9 - MEDIUM | 2020-12-08 | 2020-12-14 |
| CVE-2020-25689 | A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loo... | 6.5 - MEDIUM | 2020-11-02 | 2023-02-12 |
| CVE-2020-25640 | A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on... | 5.3 - MEDIUM | 2020-11-24 | 2023-11-07 |
| CVE-2020-14317 | It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Applicati... | 5.5 - MEDIUM | 2021-06-02 | 2021-06-10 |
| CVE-2020-10740 | A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in th... | 7.5 - HIGH | 2020-06-22 | 2023-11-07 |
| CVE-2020-10718 | A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setti... | 7.5 - HIGH | 2020-09-16 | 2020-09-22 |
| CVE-2020-1719 | A flaw was found in wildfly. The EJBContext principal is not popped back after invoking another EJB using a different Securit... | 5.4 - MEDIUM | 2021-06-07 | 2021-06-16 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Wildfly | 9.0.2 | All | All | All |
| Application | Redhat | Wildfly | 9.0.1 | All | All | All |
| Application | Redhat | Wildfly | 9.0.0 | cr2 | All | All |
| Application | Redhat | Wildfly | 9.0.0 | cr1 | All | All |
| Application | Redhat | Wildfly | 9.0.0 | beta2 | All | All |
| Application | Redhat | Wildfly | 9.0.0 | beta1 | All | All |
| Application | Redhat | Wildfly | 9.0.0 | alpha1 | All | All |
| Application | Redhat | Wildfly | 9.0.0 | - | All | All |
| Application | Redhat | Wildfly | 8.2.1 | All | All | All |
| Application | Redhat | Wildfly | 8.1.0 | - | All | All |
| Application | Redhat | Wildfly | 8.1.0 | cr1 | All | All |
| Application | Redhat | Wildfly | 8.1.0 | cr2 | All | All |
| Application | Redhat | Wildfly | 8.0.0 | - | All | All |
| Application | Redhat | Wildfly | 8.0.0 | cr1 | All | All |
| Application | Redhat | Wildfly | 8.0.0 | beta1 | All | All |
| Application | Redhat | Wildfly | 8.0.0 | alpha4 | All | All |
| Application | Redhat | Wildfly | 8.0.0 | alpha3 | All | All |
| Application | Redhat | Wildfly | 8.0.0 | alpha2 | All | All |
| Application | Redhat | Wildfly | 8.0.0 | alpha1 | All | All |
| Application | Redhat | Wildfly | 7.2.5 | cr2 | All | All |