cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11831,https://securityvulnerability.io/vulnerability/CVE-2024-11831,Cross-site Scripting Vulnerability in Serialize-Javascript by Yahoo,"A vulnerability exists in the serialize-javascript module due to inadequate sanitization of inputs, particularly JavaScript object types and regex expressions. This flaw allows attackers to inject malicious code that may be executed in a web browser context when the serialized data is deserialized. This poses significant risks in scenarios where the serialized outputs are shared with web clients, rendering the web applications reliant on this package susceptible to XSS attacks.",Red Hat,"Red Hat Advanced Cluster Security 4.4,Red Hat Advanced Cluster Security 4.5,Cryostat 3,Logging Subsystem For Red Hat Openshift,Migration Toolkit For Applications 7,Migration Toolkit For Virtualization,.net 6.0 On Red Hat Enterprise Linux,Openshift Lightspeed,Openshift Pipelines,Openshift Serverless,Openshift Service Mesh 2,Red Hat 3scale Api Management Platform 2,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Openshift Ai (rhoai),Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Distributed Tracing 3,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Trusted Profile Analyzer",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-10T15:27:46.732Z,0
CVE-2025-23367,https://securityvulnerability.io/vulnerability/CVE-2025-23367,Role-Based Access Control Vulnerability in Wildfly Server,"A vulnerability in the Wildfly Server's Role Based Access Control (RBAC) provider permits unauthorized users to execute critical management operations. Specifically, the flaw enables users with only Monitor or Auditor roles, who should be restricted to read-only access, to suspend or resume the server. This issue arises from inadequate authorization checks in the Suspend and Resume handlers, allowing actions without confirming appropriate user permissions. It's crucial for organizations to address this issue by applying the latest security patches provided by Red Hat.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Red Hat Single Sign-on 7",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-30T14:30:04.227Z,0
CVE-2025-23366,https://securityvulnerability.io/vulnerability/CVE-2025-23366,Cross-Site Scripting Vulnerability in Wildfly by Red Hat,"A cross-site scripting vulnerability exists in the HAL Console of Wildfly. This flaw allows an attacker with authenticated access, specifically belonging to management groups such as 'SuperUser', 'Admin', or 'Maintainer', to execute arbitrary scripts in the context of other users' browsers. The issue arises due to inadequate neutralization of user-controllable input before it is rendered on web pages served to other users, posing significant security risks.",Red Hat,"Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack",6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,false,,2025-01-14T18:16:00.000Z,0
CVE-2024-11736,https://securityvulnerability.io/vulnerability/CVE-2024-11736,Configuration Vulnerability in Keycloak Affects Sensitive Server Information,"A configuration exposure vulnerability has been identified in Keycloak that allows admin users to access sensitive server environment variables and system properties through crafted user-configurable URLs. By manipulating backchannel logout URLs or admin URLs using placeholders like ${env.VARNAME} or ${PROPNAME}, administrators can inadvertently disclose critical server information, as the server processes and substitutes these placeholders with their actual values. This vulnerability poses a significant risk, particularly if the exposed variables contain sensitive data.",Red Hat,"Red Hat Build Of Keycloak 26.0,Rhbk 26.0.8,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack",4.9,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,false,,2025-01-14T08:36:08.583Z,0
CVE-2024-11734,https://securityvulnerability.io/vulnerability/CVE-2024-11734,Denial of Service Vulnerability in Keycloak by Red Hat,"A vulnerability exists in Keycloak that can be exploited by an administrative user possessing the authority to alter realm settings. By modifying security headers and introducing newline characters, the Keycloak server may attempt to process a request that has already been terminated. This can lead to a denial of service, effectively disrupting the service for users. It is crucial for administrators to be aware of this vulnerability and to apply the necessary mitigations promptly.",Red Hat,"Red Hat Build Of Keycloak 26.0,Rhbk 26.0.8,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack",6.5,MEDIUM,0.0006399999838322401,false,,false,false,false,,false,false,false,,2025-01-14T08:35:42.107Z,0
CVE-2024-12397,https://securityvulnerability.io/vulnerability/CVE-2024-12397,Cookies vulnerability could lead to unauthorized data access or modification,"A vulnerability in Quarkus-HTTP has been identified, where improper parsing of cookies occurs due to certain value-delimiting characters in HTTP requests. This issue enables attackers to create specially crafted cookie values that could facilitate the exfiltration of HttpOnly cookie values or allow the spoofing of arbitrary additional cookie values. These actions may lead to unauthorized access or alterations of sensitive data, significantly affecting the confidentiality and integrity of the data being handled.",Red Hat,"Red Hat Build Of Apache Camel 4.8 For Quarkus 3.15,Red Hat Build Of Quarkus 3.15.3,Cryostat 3,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7,Streams For Apache Kafka",7.4,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-12T09:05:28.451Z,0
CVE-2024-12369,https://securityvulnerability.io/vulnerability/CVE-2024-12369,Authorization Code Injection Vulnerability in RH SSO OIDC Adapter,"A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8",4.2,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-12-09T20:53:09.260Z,0
CVE-2023-4639,https://securityvulnerability.io/vulnerability/CVE-2023-4639,Unauthorized Data Access via Incorrect Cookie Parsing,"A flaw exists in the Undertow server, which improperly handles the parsing of cookies that contain specific value-delimiting characters in requests. This vulnerability enables potential attackers to craft malicious cookie values, enabling the exfiltration of HttpOnly cookie values or the spoofing of additional cookie values. Consequently, this can lead to unauthorized access to sensitive data and alterations, posing significant risks to the integrity and confidentiality of the affected applications.",Red Hat,"Migration Toolkit For Runtimes 1 On Rhel 8,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Migration Toolkit For Applications 6,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Apicurio Registry,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Integration Change Data Capture,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.4,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-11-17T11:15:00.000Z,0
CVE-2023-1973,https://securityvulnerability.io/vulnerability/CVE-2023-1973,Server Denial of Service Vulnerability Discovered in Undertow's FormAuthenticationMechanism,"A vulnerability exists in the Undertow package, specifically within the FormAuthenticationMechanism. A malicious user can exploit this flaw by sending specially crafted requests to the server. This action could lead to a Denial of Service condition, causing the server to encounter an OutOfMemory error and exhausting its available memory resources. This vulnerability poses significant risks to application stability and overall service availability.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9",7.5,HIGH,0.0010900000343099236,false,,false,false,false,,,false,false,,2024-11-07T10:01:57.995Z,0
CVE-2023-1932,https://securityvulnerability.io/vulnerability/CVE-2023-1932,HTML Injection Vulnerability in Hibernate Validator,"A flaw exists in the 'isValid' method within the SafeHtmlValidator class of Hibernate Validator that allows for potential HTML injection and Cross-Site Scripting (XSS) attacks. This vulnerability occurs due to the improper handling of HTML tags, specifically when tag endings are omitted in a less-than character format. Consequently, browsers may render invalid HTML, which could be exploited by attackers to inject malicious scripts, compromising the security of affected applications.",Red Hat,"A-MQ Clients 2,Cryostat 2,Red Hat AMQ Broker 7,Red Hat A-MQ Online,Red Hat Bpm Suite 6,Red Hat Codeready Studio 12,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Fuse 7,Red Hat Jboss Brms 5,Red Hat Jboss Data Grid 7,Red Hat Jboss Data Virtualization 6,Red Hat Jboss Enterprise Application Platform 5,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Continuous Delivery,Red Hat Jboss Fuse 6,Red Hat Jboss Fuse Service Works 6,Red Hat Jboss Operations Network 3,Red Hat Jboss Soa Platform 5,Red Hat Openstack Platform 10 (newton),Red Hat Openstack Platform 13 (queens),Red Hat Process Automation 7,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Support For Spring Boot,Streams For Apache Kafka",6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-07T10:00:51.745Z,0
CVE-2024-9622,https://securityvulnerability.io/vulnerability/CVE-2024-9622,Impact of HTTP Smuggling on Load Balancers and Systems,"The Resteasy-Netty4 library contains a vulnerability linked to improper handling of HTTP requests that employs smuggling techniques. Specifically, this issue arises when an HTTP smuggling request containing an ASCII control character triggers the Netty HttpObjectDecoder to enter a BAD_MESSAGE state. As a consequence, any subsequent legitimate requests on the same connection are disregarded, resulting in client timeouts. This behavior can significantly impact systems that utilize load balancers, thereby increasing their exposure to potential risks.",Red Hat,"Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack",5.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-10-08T16:26:13.413Z,0
CVE-2024-8883,https://securityvulnerability.io/vulnerability/CVE-2024-8883,"Attackers can Redirect Users to Arbitrary URLs, Exposing Sensitive Information","A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 24,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers",6.1,MEDIUM,0.0024399999529123306,false,,false,false,false,,,false,false,,2024-09-19T15:48:28.468Z,0
CVE-2024-8698,https://securityvulnerability.io/vulnerability/CVE-2024-8698,Flaw in SAML Signature Validation Method Allows Privilege Escalation or Impersonation Attacks,"CVE-2024-8698 is a privilege escalation and impersonation vulnerability located in the SAML signature validation method within the Keycloak XMLSignatureUtil class. The vulnerability allows attackers to create crafted responses that can bypass validation, potentially leading to privilege escalation or impersonation attacks. The impact of the exploitation can have a high impact on confidentiality, with lower impacts on integrity and availability. The vulnerability is addressed in Keycloak version 25.0.6 and organizations using Keycloak are strongly recommended to install updates as soon as possible. It is also recommended to implement updates from other vendors who rely on Keycloak for identity and access management. Upgrading to the newest version may provide safety from future exploitation, but it does not remediate historic compromise. At the time of reporting, no active exploitation of this vulnerability by ransomware groups was reported.",Red Hat,"Red Hat Build Of Keycloak,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 24,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Single Sign-on 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers",7.7,HIGH,0.0007099999929778278,false,,true,false,true,2024-09-25T18:56:46.000Z,true,false,false,,2024-09-19T15:48:18.464Z,0
CVE-2024-7885,https://securityvulnerability.io/vulnerability/CVE-2024-7885,Undertow ProxyProtocolReadListener Vulnerability,"A notable vulnerability exists in the Undertow HTTP server related to the handling of multiple requests over the same HTTP connection. The issue stemmed from the misuse of a shared StringBuilder instance within the ProxyProtocolReadListener, specifically during the process of handling requests in the parseProxyProtocolV1 method. This flaw can lead to information leakage, where sensitive data from a preceding request may be inadvertently included in a subsequent response. The consequence is not only potential data exposure but also issues with connection stability, as errors may arise during processing, affecting overall application performance in environments that handle multiple requests concurrently.",Red Hat,"Red Hat Build Of Apache Camel 3.20.7 For Spring Boot,Red Hat Build Of Apache Camel 4.4.2 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0009800000116229057,false,,false,false,false,,,false,false,,2024-08-21T14:13:36.579Z,0
CVE-2024-3653,https://securityvulnerability.io/vulnerability/CVE-2024-3653,Undertow Vulnerability: Enabling Learning-Push Handler Can Prevent Attacks,"A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Openshift Serverless,Red Hat Build Of Apache Camel For Quarkus,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7,Streams For Apache Kafka",5.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-08T21:21:20.899Z,0
CVE-2024-5971,https://securityvulnerability.io/vulnerability/CVE-2024-5971,Undertow Vulnerability Leads to Denial of Service Attack,"A vulnerability exists in Undertow that can lead to a denial of service scenario. This occurs when chunked responses hang after the body is flushed. Although the response headers and body are sent successfully, the client continues to wait for the termination of the chunked response, which does not occur as expected. This behavior is particularly problematic in Java 17 environments utilizing TLSv1.3, as it results in uncontrolled resource consumption on the server side, potentially leaving it vulnerable to service disruption.",Red Hat,"Red Hat Build Of Apache Camel 3.20.7 For Spring Boot,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Apache Camel 4.4.2 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1.0,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-08T20:51:29.223Z,0
CVE-2024-6162,https://securityvulnerability.io/vulnerability/CVE-2024-6162,Undertow Ajp-Listener Vulnerability: URL-Encoded Request Path Information Can Be Broken,"A vulnerability in Undertow affects the processing of URL-encoded request paths on the AJP listener when handling concurrent requests. The issue stems from the sharing of a buffer used for decoding paths across multiple requests, which may result in the server misinterpreting the path, leading to errors like '404 Not Found' or other application failures. This flaw can hinder access to legitimate resources, potentially resulting in a denial of service. Organizations relying on Undertow for handling AJP traffic should assess their systems for exposure to this vulnerability.",Red Hat,"Eap 8.0.1,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-06-20T14:33:10.342Z,0
CVE-2024-1102,https://securityvulnerability.io/vulnerability/CVE-2024-1102,Database Logging Vulnerability Exposes User Credentials,A vulnerability was found in jberet-core logging. An exception in 'dbProperties' might display user credentials such as the username and password for the database-connection.,Red Hat,"Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Single Sign-on 7",6.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-25T17:15:00.000Z,0
CVE-2023-5675,https://securityvulnerability.io/vulnerability/CVE-2023-5675,"Quarkus: authorization flaw in quarkus resteasy reactive and classic when ""quarkus.security.jaxrs.deny-unannotated-endpoints"" or ""quarkus.security.jaxrs.default-roles-allowed"" properties are used.","A flaw was found in Quarkus. When a Quarkus RestEasy Classic or Reactive JAX-RS endpoint has its methods declared in the abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either 'quarkus.security.jaxrs.deny-unannotated-endpoints' or 'quarkus.security.jaxrs.default-roles-allowed' properties.",Red Hat,"Red Hat Build Of Quarkus 2.13.9.final,Red Hat Build Of Quarkus 3.2.9.final,A-MQ Clients 2,Cryostat 2,Openshift Serverless,Red Hat Build Of Optaplanner 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Integration Service Registry,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-25T16:15:00.000Z,0
CVE-2024-1132,https://securityvulnerability.io/vulnerability/CVE-2024-1132,Keycloak Flaw Allows Attackers to Bypass Validation and Access Sensitive Information,"A security vulnerability has been identified in Keycloak, where improper URL validation in redirects could enable an attacker to exploit this flaw. This issue particularly affects clients that utilize wildcards in the Valid Redirect URIs field, which could allow malicious requests to bypass intended restrictions. As a result, sensitive information may be accessed without authorization, potentially leading to further attacks. User interaction is necessary to trigger this vulnerability, making it essential for users and administrators to be informed about securing their implementations of Keycloak.",Red Hat,"Migration Toolkit For Runtimes 1 On Rhel 8,Mta-6.2-rhel-9,Red Hat Build Of Keycloak 22,Red Hat Build Of Keycloak 22.0.10,Red Hat Jboss A-MQ 7,Red Hat Single Sign-on 7.6 For Rhel 7,Red Hat Single Sign-on 7.6 For Rhel 8,Red Hat Single Sign-on 7.6 For Rhel 9,Rhel-8 Based Middleware Containers,Rhsso 7.6.8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Decision Manager 7,Red Hat Integration Service Registry,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 6,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",8.1,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-04-17T13:21:19.130Z,0
CVE-2023-6236,https://securityvulnerability.io/vulnerability/CVE-2023-6236,Flaw in JBoss EAP OIDC Implementation Allows Access to Multiple Tenants Without Logout,"A significant vulnerability exists in Red Hat Enterprise Application Platform 8, impacting applications utilizing OpenID Connect (OIDC) for multi-tenancy. The flaw arises within the OidcSessionTokenStore, where the logic for determining the usage of cached authentication tokens fails to account for the 'provider-url' option associated with different tenants. When a user attempts to switch to a second tenant, the system incorrectly allows the use of the previously cached token instead of requiring a new login, undermining the security of tenant-specific configurations. This oversight necessitates immediate attention for organizations leveraging this platform to ensure proper authentication protocols.",Red Hat,"Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform Expansion Pack",7.3,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-04-10T01:04:53.970Z,0
CVE-2024-1233,https://securityvulnerability.io/vulnerability/CVE-2024-1233,JwtValidator ResolvePublicKey Vulnerability Could Lead to SSRF,"A vulnerability exists in the JwtValidator.resolvePublicKey method of JBoss EAP, which permits an attacker to execute a server-side request forgery (SSRF) attack. This issue arises because the validator inadequately filters or whitelists destination URL addresses during HTTP requests when processing JSON Web Token (JWT) public key URLs. As a result, malicious actors may exploit this flaw to make unauthorized HTTP requests from the vulnerable server, compromising internal resources and exposing sensitive data.",Red Hat,"Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 8,Red Hat Jboss Enterprise Application Platform 8.0 For Rhel 9,Red Hat Jboss Enterprise Application Platform Expansion Pack",7.3,HIGH,0.0006200000061653554,false,,false,false,false,,,false,false,,2024-04-09T07:01:47.673Z,0
CVE-2024-1300,https://securityvulnerability.io/vulnerability/CVE-2024-1300,Memory Leak in TLS and SNI Support in Eclipse Vert.x Toolkit Allows Attackers to Trigger JVM Out-of-Memory Error,"A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.",Red Hat,"Ceq 3.2,Cryostat 2 On Rhel 8,Migration Toolkit For Runtimes 1 On Rhel 8,Mta-6.2-rhel-9,Red Hat AMQ Streams 2.7.0,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Quarkus 3.2.11.final,Rhint Service Registry 2.5.11 Ga,A-MQ Clients 2,Openshift Serverless,Red Hat Build Of Apache Camel For Spring Boot,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss A-MQ 7,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse 7,Red Hat Process Automation 7",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-04-02T08:15:00.000Z,0
CVE-2024-1023,https://securityvulnerability.io/vulnerability/CVE-2024-1023,Memory Leak Vulnerability in Eclipse Vert.x Toolkit,"A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.",Red Hat,"Ceq 3.2,Cryostat 2 On Rhel 8,Mta-6.2-rhel-9,Red Hat AMQ Streams 2.7.0,Red Hat Build Of Apache Camel 4.4.1 For Spring Boot,Red Hat Build Of Quarkus 3.2.11.final,Rhint Service Registry 2.5.11 Ga,A-MQ Clients 2,Migration Toolkit For Runtimes,Openshift Serverless,Red Hat AMQ Broker 7,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Build Of Quarkus,Red Hat Data Grid 8,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Integration Camel Quarkus,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Process Automation 7",6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-03-27T07:51:15.716Z,0
CVE-2023-5685,https://securityvulnerability.io/vulnerability/CVE-2023-5685,Stack Overflow Exception in XNIO NotifierState Could Lead to Denial of Service,"A flaw identified in the XNIO NotifierState component allows for a stack overflow exception due to an excessively large chain of notifier states. This vulnerability can lead to uncontrolled resource management, which may result in a denial of service (DoS) condition on systems utilizing the affected versions of XNIO. Administrators should take appropriate precautions to mitigate potential risks associated with this issue.",Red Hat,"Eap 7.4.14,Red Hat Build Of Apache Camel 4.4.0 For Spring Boot,Red Hat Jboss Enterprise Application Platform 7.1 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.3 Eus For Rhel 7,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 8,Red Hat Jboss Enterprise Application Platform 7.4 For Rhel 9,Red Hat Jboss Enterprise Application Platform 7.4 On Rhel 7,Red Hat Build Of Apache Camel For Spring Boot 3,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Keycloak,Red Hat Data Grid 8,Red Hat Integration Camel K,Red Hat Jboss Data Grid 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Jboss Fuse Service Works 6,Red Hat Process Automation 7,Red Hat Single Sign-on 7",7.5,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-03-22T18:24:42.696Z,0