Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Data_grid
(Redhat)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-08-21 | CVE-2024-7885 | A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the same StringBuilder instance, potentially leading to information leakage between requests or responses. In some cases, a value from a previous request or response may be erroneously reused, which... | Build_of_apache_camel_\-_hawtio, Build_of_apache_camel_for_spring_boot, Build_of_keycloak, Data_grid, Integration_camel_k, Jboss_enterprise_application_platform, Jboss_fuse, Process_automation, Single_sign\-On | 7.5 | ||
| 2020-10-06 | CVE-2020-25644 | A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. It may allow the attacker to cause OOM leading to a denial of service. The highest threat from this vulnerability is to system availability. | Oncommand_insight, Oncommand_workflow_automation, Service_level_manager, Data_grid, Jboss_data_grid, Jboss_enterprise_application_platform, Jboss_fuse, Openshift_application_runtimes, Single_sign\-On, Wildfly_openssl | 7.5 | ||
| 2020-12-03 | CVE-2020-25711 | A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. | Infinispan, Active_iq_unified_manager, Data_grid | 6.5 | ||
| 2021-05-20 | CVE-2021-3536 | A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity. | Build_of_quarkus, Data_grid, Descision_manager, Integration_camel_k, Integration_camel_quarkus, Integration_service_registry, Jboss_a\-Mq, Jboss_enterprise_application_platform, Wildfly | 4.8 |