Redhat Jboss Data Grid — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Jboss Data Grid, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (25)
CVE-2019-3888 — CVSS 9.8 (critical): A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because…
CVE-2019-10212 — CVSS 9.8 (critical): A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this…
CVE-2019-10158 — CVSS 9.8 (critical): A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring…
CVE-2019-14892 — CVSS 9.8 (critical): A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic…
CVE-2019-14887 — CVSS 9.1 (critical): A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't…
CVE-2019-10174 — CVSS 8.8 (high): A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application…
CVE-2018-1131 — CVSS 8.8 (high): Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with…
CVE-2022-1271 — CVSS 8.8 (high): An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for…
CVE-2020-1757 — CVSS 8.1 (high): A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to…
CVE-2016-4970 — CVSS 7.5 (high): handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of…
CVE-2019-10184 — CVSS 7.5 (high): undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted…
CVE-2019-14888 — CVSS 7.5 (high): A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the…
CVE-2020-25644 — CVSS 7.5 (high): A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the…
CVE-2021-4104 — CVSS 7.5 (high): JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration…
CVE-2023-5384 — CVSS 7.2 (high): A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC store…
CVE-2017-2638 — CVSS 6.5 (medium): It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this…
CVE-2019-14900 — CVSS 6.5 (medium): A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA…
CVE-2023-3628 — CVSS 6.5 (medium): A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue could…
CVE-2019-10219 — CVSS 6.1 (medium): A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of…
CVE-2020-14340 — CVSS 5.9 (medium): A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage…
CVE-2020-25689 — CVSS 5.3 (medium): A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating…
CVE-2020-1710 — CVSS 5.3 (medium): The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a…
CVE-2023-5236 — CVSS 4.4 (medium): A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with…
CVE-2023-3629 — CVSS 4.3 (medium): A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the…