VYPR

EAP 7

by Red Hat

CVEs (3)

  • CVE-2017-12167 | Med | Jul 26, 2018
    risk 0.36 | cvss 5.5 | epss 0.00

    It was found in EAP 7 before 7.0.9 that the properties-based files of the management and application realm configuration that contain user-to-role mappings are world-readable, allowing all users logged in to the system to access user and role information.

  • CVE-2016-7061 | Low | Sep 10, 2018
    risk 0.23 | cvss 3.5 | epss 0.02

    An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.

  • CVE-2023-3171 | Dec 27, 2023
    risk 0.00 | cvss | epss 0.01

    A flaw was found in EAP-7 during deserialization of certain classes, which permits instantiation of HashMap and HashTable with no checks on resources consumed. This issue could allow an attacker to submit malicious requests using these classes, which could eventually exhaust the…