Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Redhat Subscribe
Filtered by product Jboss Data Grid

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10158 2 Infinispan, Redhat 2 Infinispan, Jboss Data Grid 2023-12-27 7.5 HIGH 9.8 CRITICAL
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.
CVE-2019-10212 2 Netapp, Redhat 8 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 5 more 2022-02-20 4.3 MEDIUM 9.8 CRITICAL
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.
CVE-2019-3888 2 Netapp, Redhat 7 Active Iq Unified Manager, Enterprise Linux, Jboss Data Grid and 4 more 2022-02-20 5.0 MEDIUM 9.8 CRITICAL
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange)
CVE-2019-14887 1 Redhat 6 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Fuse and 3 more 2021-11-02 6.4 MEDIUM 9.1 CRITICAL
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version of TLS, potentially breaking the encryption. This could lead to a leak of the data being passed over the network. Wildfly version 7.2.0.GA, 7.2.3.GA and 7.2.5.CR2 are believed to be vulnerable.
CVE-2019-14892 2 Fasterxml, Redhat 7 Jackson-databind, Decision Manager, Jboss Data Grid and 4 more 2020-09-04 7.5 HIGH 9.8 CRITICAL
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.