cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2020-25689,https://securityvulnerability.io/vulnerability/CVE-2020-25689,Memory Leak Vulnerability in WildFly by Red Hat,"A memory leak issue exists in WildFly, specifically affecting all versions up to 21.0.0.Final. When the host-controller attempts to reconnect to the domain-controller, it enters a loop that creates new connections without closing the previously established ones. This can lead to exhaustive memory consumption, potentially causing an Out of Memory (OOM) condition and resulting in denial of service. Such behavior significantly impacts the availability of the system, allowing for service interruptions that can affect users and applications relying on the WildFly server.",Red Hat,Wildfly-core,5.3,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-11-02T21:15:00.000Z,0
CVE-2020-14297,https://securityvulnerability.io/vulnerability/CVE-2020-14297,Denial of Service Vulnerability in Red Hat JBoss EAP's EJB Client,"A vulnerability in Red Hat JBoss EAP 7's EJB Client allows for the accumulation of certain EJB transaction objects over time, which can lead to significant service degradation. When exploited, this vulnerability can result in a denial of service attack, rendering services unavailable to legitimate users. Organizations using JBoss EAP 7 should assess their vulnerability status and implement recommended security measures to mitigate potential impacts.",Red Hat,Wildfly,6.5,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2020-07-24T15:37:25.000Z,0
CVE-2020-14307,https://securityvulnerability.io/vulnerability/CVE-2020-14307,Denial of Service Vulnerability in Wildfly's Enterprise Java Beans from Red Hat,"A flaw in Wildfly's Enterprise Java Beans (EJB) found in Red Hat JBoss EAP 7 allows an attacker to potentially launch a denial of service attack. This occurs because SessionOpenInvocations are not removed from the remote InvocationTracker after a response is received by the EJB client and server, which can result in service unavailability.",Red Hat,Wildfly,6.5,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2020-07-24T00:00:00.000Z,0
CVE-2019-14887,https://securityvulnerability.io/vulnerability/CVE-2019-14887,Downgrade Attack Vulnerability in Wildfly by Red Hat,"A vulnerability exists in Wildfly where the 'enabled-protocols' setting is ignored when an OpenSSL security provider is in use. This flaw allows an attacker to target and manipulate the traffic from Wildfly, leading to a possibility of downgrading the connection to a less secure TLS version. Consequently, the encryption may be compromised, exposing sensitive data traversing the network. The versions impacted by this vulnerability include Wildfly 7.2.0.GA, 7.2.3.GA, and 7.2.5.CR2, necessitating immediate remediation to safeguard against potential data leaks.",Red Hat,Wildfly,7.4,HIGH,0.0013500000350177288,false,,false,false,false,,,false,false,,2020-03-16T14:48:09.000Z,0
CVE-2019-14843,https://securityvulnerability.io/vulnerability/CVE-2019-14843,Authorization Flaw in Wildfly Security Manager Affects Red Hat JBoss EAP and SSO,"An authorization flaw exists in Wildfly Security Manager when running under JDK 11 or 8, allowing any requester to authorize requests. This vulnerability permits malicious applications hosted on the app server to access sensitive information and may lead to additional attacks. Specifically, Red Hat JBoss EAP 7 and Red Hat SSO 7 installations are susceptible to this issue, raising concerns about unauthorized data access.",Red Hat,Wildfly-security-manager,7.5,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2020-01-07T16:34:59.000Z,0
CVE-2019-14838,https://securityvulnerability.io/vulnerability/CVE-2019-14838,Improper Permissions in WildFly Core Management Functionality,"A vulnerability in WildFly Core prior to version 7.2.5.GA allows management users with roles such as Monitor, Auditor, and Deployer to incorrectly modify the runtime state of the server. This misconfiguration can lead to unauthorized changes, posing risks to the stability and security of the server environment.",Red Hat,Wildfly-core,5.2,MEDIUM,0.004000000189989805,false,,false,false,false,,,false,false,,2019-10-14T14:32:53.000Z,0
CVE-2019-3894,https://securityvulnerability.io/vulnerability/CVE-2019-3894,Thread Security Identity Flaw in Wildfly Software by Red Hat,"A vulnerability has been identified in the ElytronManagedThread of Wildfly’s Elytron subsystem, affecting versions 11 through 16. This flaw allows threads to retain a SecurityIdentity beyond their intended lifecycle, particularly if the keep-alive time is not met. As a result, a shared thread may execute actions using an incorrect security identity, potentially leading to unauthorized access and execution of sensitive operations.",Red Hat,Wildfly,5.4,MEDIUM,0.004240000154823065,false,,false,false,false,,,false,false,,2019-05-03T19:25:58.000Z,0
CVE-2019-3805,https://securityvulnerability.io/vulnerability/CVE-2019-3805,Local Privilege Escalation Vulnerability in WildFly by Red Hat,"A vulnerability in WildFly, up to version 16.0.0.Final, allows local users with permission to execute init.d scripts to influence process management on the system. By manipulating the PID file located in /var/run/jboss-eap/, an attacker could exploit this flaw to terminate any process as root, leading to potential system control.",Red Hat,Wildfly,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2019-05-03T19:25:28.000Z,0
CVE-2018-10934,https://securityvulnerability.io/vulnerability/CVE-2018-10934,,"A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.",Red Hat,Wildfly-core,5.4,MEDIUM,0.00139999995008111,false,,false,false,false,,,false,false,,2019-03-27T12:20:07.000Z,0
CVE-2016-9589,https://securityvulnerability.io/vulnerability/CVE-2016-9589,,"Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, up to ""max-headers"" (default 200) * ""max-header-size"" (default 1MB) per active TCP connection.",Red Hat,Wildfly,7.5,HIGH,0.015639999881386757,false,,false,false,false,,,false,false,,2018-03-12T15:00:00.000Z,0
CVE-2018-1047,https://securityvulnerability.io/vulnerability/CVE-2018-1047,,"A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files.",Red Hat,Wildfly,5.5,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2018-01-24T23:00:00.000Z,0