Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-4061 | 1 Redhat | 3 Enterprise Linux, Jboss Enterprise Application Platform, Wildfly Core | 2023-11-16 | N/A | 6.5 MEDIUM |
| A flaw was found in wildfly-core. A management user could use the resolve-expression in the HAL Interface to read possible sensitive information from the Wildfly system. This issue could allow a malicious user to access the system and obtain possible sensitive information from the system. | |||||
| CVE-2019-14838 | 1 Redhat | 5 Data Grid, Enterprise Linux, Jboss Enterprise Application Platform and 2 more | 2020-10-13 | 4.0 MEDIUM | 4.9 MEDIUM |
| A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server | |||||
| CVE-2018-10862 | 1 Redhat | 4 Enterprise Linux, Jboss Enterprise Application Platform, Virtualization and 1 more | 2019-04-26 | 4.9 MEDIUM | 5.5 MEDIUM |
| WildFly Core before version 6.0.0.Alpha3 does not properly validate file paths in .war archives, allowing for the extraction of crafted .war archives to overwrite arbitrary files. This is an instance of the 'Zip Slip' vulnerability. | |||||