Every CVE whose affected-product data names Redhat Data Grid, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2021-31917 — CVSS 9.8 (critical): A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). An attacker could bypass…
CVE-2015-7501 — CVSS 9.8 (critical): Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise…
CVE-2025-12543 — CVSS 9.6 (critical): A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library…
CVE-2026-28369 — CVSS 8.7 (high): A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it…
CVE-2026-28367 — CVSS 8.7 (high): A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can…
CVE-2026-28368 — CVSS 8.7 (high): A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are…
CVE-2025-23368 — CVSS 8.1 (high): A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed…
CVE-2020-25644 — CVSS 7.5 (high): A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the…
CVE-2024-7885 — CVSS 7.5 (high): A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests…
CVE-2023-4586 — CVSS 7.4 (high): A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when…
CVE-2023-5384 — CVSS 7.2 (high): A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store…
CVE-2020-10771 — CVSS 7.1 (high): A flaw was found in Infinispan version 10, where it is possible to perform various actions that could have side effects using GET requests…
CVE-2023-3628 — CVSS 6.5 (medium): A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could…
CVE-2020-25711 — CVSS 6.5 (medium): A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management…
CVE-2025-5731 — CVSS 5.5 (medium): A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and…
CVE-2021-3642 — CVSS 5.3 (medium): A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer…
CVE-2019-14838 — CVSS 4.9 (medium): A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to…
CVE-2021-3536 — CVSS 4.8 (medium): A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible…
CVE-2023-5236 — CVSS 4.4 (medium): A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with…
CVE-2023-3629 — CVSS 4.3 (medium): A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the…