Red Hat Jboss Enterprise Application Platform Expansion Pack
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Jboss Enterprise Application Platform Expansion Pack.
By the Year
In 2026 there have been 0 vulnerabilities in Red Hat Jboss Enterprise Application Platform Expansion Pack. Jboss Enterprise Application Platform Expansion Pack did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 1 | 7.50 |
| 2023 | 1 | 7.50 |
| 2022 | 2 | 7.50 |
| 2021 | 2 | 5.30 |
It may take a day or so for new Jboss Enterprise Application Platform Expansion Pack vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Jboss Enterprise Application Platform Expansion Pack Security Vulnerabilities
Improper init in Galleon can expose unsecured EAP/EAPXP servers
CVE-2023-4503
7.5 - High
- February 06, 2024
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
Improper Initialization
Undertow SSL Handshake Loop DoS via SslConduit
CVE-2023-1108
7.5 - High
- September 14, 2023
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
Infinite Loop
WildFly Log Trace Data Disclosure: Leakage of Deployment Names
CVE-2022-1278
7.5 - High
- September 13, 2022
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
Insecure Default Initialization of Resource
A flaw was found in JBoss-client
CVE-2022-0853
7.5 - High
- March 11, 2022
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
Memory Leak
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final
CVE-2021-3642
5.3 - Medium
- August 05, 2021
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Side Channel Attack
A flaw was found in wildfly
CVE-2021-20250
- May 13, 2021
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Jboss Enterprise Application Platform Expansion Pack or by Red Hat? Click the Watch button to subscribe.
