Red Hat Wildfly Elytron
By the Year
In 2022 there have been 1 vulnerability in Red Hat Wildfly Elytron with an average score of 5.4 out of ten. Last year Wildfly Elytron had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Wildfly Elytron in 2022 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2022 is greater by 0.10.
It may take a day or so for new Wildfly Elytron vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Wildfly Elytron Security Vulnerabilities
A flaw was found in WildFly Elytron
5.4 - Medium
- April 18, 2022
A flaw was found in WildFly Elytron. A variation to the use of a session fixation exploit when using Undertow was found despite Undertow switching the session ID after authentication.
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final
5.3 - Medium
- August 05, 2021
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Side Channel Attack
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001
7.5 - High
- September 16, 2020
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.