threat
engine
.sh
Back
·
··:··
Home
/
Product
/
redhat jboss data grid
Product
redhat jboss data grid
25 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-5384
all versions
A flaw was found in Infinispan. When serializing the configuration for a cache to XML/JSON/YAML, which contains credentials (JDBC
7.2
HIGH
CVE-2023-5236
all versions
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker wit
4.4
MEDIUM
CVE-2023-3629
all versions
A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the
4.3
MEDIUM
CVE-2023-3628
all versions
A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the operation. This issue
6.5
MEDIUM
CVE-2023-44487
all versions
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5
HIGH
CVE-2022-1271
all versions
An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file n
8.8
HIGH
CVE-2021-4104
all versions
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config
7.5
HIGH
CVE-2020-14340
all versions
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between g
5.9
MEDIUM
CVE-2020-25689
all versions
A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, ge
5.3
MEDIUM
CVE-2020-25644
all versions
A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow t
7.5
HIGH
CVE-2020-1710
all versions
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instea
5.3
MEDIUM
CVE-2019-14900
all versions
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the
6.5
MEDIUM
CVE-2020-1757
all versions
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions p
8.1
HIGH
CVE-2019-14887
all versions
A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuratio
9.1
CRITICAL
CVE-2019-14892
all versions
A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deser
9.8
CRITICAL
CVE-2019-14888
all versions
A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can targe
7.5
HIGH
CVE-2019-10158
all versions
A flaw was found in Infinispan through version 9.4.14.Final. An improper implementation of the session fixation protection in the
9.8
CRITICAL
CVE-2019-10174
all versions
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any appl
8.8
HIGH
CVE-2019-10219
all versions
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1
MEDIUM
CVE-2019-10212
>= 7.0.0 and <= 7.3
A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could a
9.8
CRITICAL
CVE-2019-10184
all versions
undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures pred
7.5
HIGH
CVE-2019-3888
all versions
A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log file
9.8
CRITICAL
CVE-2017-2638
all versions
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use
6.5
MEDIUM
CVE-2018-1131
all versions
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A us
8.8
HIGH
CVE-2016-4970
all versions
handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a
7.5
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin