Red Hat Jboss Enterprise Application Platform Expansion Pack
By the Year
In 2024 there have been 1 vulnerability in Red Hat Jboss Enterprise Application Platform Expansion Pack with an average score of 7.5 out of ten. Last year Jboss Enterprise Application Platform Expansion Pack had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Jboss Enterprise Application Platform Expansion Pack in 2024 could surpass last years number. Interestingly, the average vulnerability score and the number of vulnerabilities for 2024 and last year was the same.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 1 | 7.50 |
| 2023 | 1 | 7.50 |
| 2022 | 2 | 7.50 |
| 2021 | 2 | 4.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Jboss Enterprise Application Platform Expansion Pack vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Jboss Enterprise Application Platform Expansion Pack Security Vulnerabilities
An improper initialization vulnerability was found in Galleon
CVE-2023-4503
7.5 - High
- February 06, 2024
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an attacker to access remote HTTP services available from the server.
Improper Initialization
A flaw was found in undertow
CVE-2023-1108
7.5 - High
- September 14, 2023
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
Infinite Loop
A flaw was found in WildFly, where an attacker
CVE-2022-1278
7.5 - High
- September 13, 2022
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
Insecure Default Initialization of Resource
A flaw was found in JBoss-client
CVE-2022-0853
7.5 - High
- March 11, 2022
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
Memory Leak
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final
CVE-2021-3642
5.3 - Medium
- August 05, 2021
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Side Channel Attack
A flaw was found in wildfly
CVE-2021-20250
4.3 - Medium
- May 13, 2021
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
Information Disclosure
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Jboss Enterprise Application Platform Expansion Pack or by Red Hat? Click the Watch button to subscribe.
