Product
redhat wildfly
19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | Description | CVSS | Severity |
|---|---|---|---|---|
| CVE-2025-23367 | < 27.0.1 | A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operati | 6.5 | MEDIUM |
| CVE-2022-1278 | < 27.0.0 | A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may conta | 7.5 | HIGH |
| CVE-2021-3644 | all versions | A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multipl | 3.3 | LOW |
| CVE-2022-0866 | >= 11.0.0 and < 26.1.1 | This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that i | 5.3 | MEDIUM |
| CVE-2021-3503 | < 23.0.1 | A flaw was found in Wildfly where insufficient RBAC restrictions may lead to expose metrics data. The highest threat from this vul | 4.3 | MEDIUM |
| CVE-2020-1719 | < 20.0.0 | A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Dom | 5.4 | MEDIUM |
| CVE-2020-14317 | all versions | It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Pl | 5.5 | MEDIUM |
| CVE-2021-3536 | < 23.0.2 | A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is | 4.8 | MEDIUM |
| CVE-2020-27822 | all versions | A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an a | 5.9 | MEDIUM |
| CVE-2020-25640 | < 21.0.0 | A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on conn | 5.3 | MEDIUM |
| CVE-2020-25689 | <= 21.0.0 | A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tries to reconnect in a loop, ge | 5.3 | MEDIUM |
| CVE-2020-10718 | < 13.0.0 | A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of | 7.5 | HIGH |
| CVE-2020-10740 | < 20.0.0 | A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization attack is possible in the Ent | 6.6 | MEDIUM |
| CVE-2019-14887 | all versions | A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuratio | 9.1 | CRITICAL |
| CVE-2019-3894 | >= 11.0.0 and <= 16.0.0 | It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity | 8.8 | HIGH |
| CVE-2019-3805 | <= 16.0.0 | A flaw was discovered in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to | 4.7 | MEDIUM |
| CVE-2018-14627 | < 14.0.0 | The IIOP OpenJDK Subsystem in WildFly before version 14.0.0 does not honour configuration when SSL transport is required. Servers | 5.3 | MEDIUM |
| CVE-2018-10683 | all versions | An issue was discovered in WildFly 10.1.2.Final. In the case of a default installation without a security realm reference, an atta | 9.8 | CRITICAL |
| CVE-2018-10682 | all versions | An issue was discovered in WildFly 10.1.2.Final. It is possible for an attacker to access the administration panel on TCP port 999 | 9.8 | CRITICAL |
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin