Every CVE whose affected-product data names Redhat Wildfly, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2018-10683 — CVSS 9.8 (critical): An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an attacker can…
CVE-2019-14887 — CVSS 9.1 (critical): A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't…
CVE-2019-3894 — CVSS 8.8 (high): It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run…
CVE-2022-1278 — CVSS 7.5 (high): A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
CVE-2020-10718 — CVSS 7.5 (high): A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the…
CVE-2020-10740 — CVSS 6.6 (medium): A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Enterprise…
CVE-2025-23367 — CVSS 6.5 (medium): A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is…
CVE-2020-27822 — CVSS 5.9 (medium): A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an…
CVE-2020-14317 — CVSS 5.5 (medium): It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform -…
CVE-2020-1719 — CVSS 5.4 (medium): A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The…
CVE-2018-14627 — CVSS 5.3 (medium): The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers before…
CVE-2020-25640 — CVSS 5.3 (medium): A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection…
CVE-2020-25689 — CVSS 5.3 (medium): A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, generating…
CVE-2022-0866 — CVSS 5.3 (medium): This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is…
CVE-2021-3536 — CVSS 4.8 (medium): A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible…
CVE-2019-3805 — CVSS 4.7 (medium): A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to…
CVE-2021-3503 — CVSS 4.3 (medium): A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this…
CVE-2021-3644 — CVSS 3.3 (low): A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple…