Skip to main content

Data Grid

16 CVEs product

Monthly

CVE-2025-12543 Maven CRITICAL PATCH Act Now

Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal network scanning, and session hijacking. Affects a widely-used Java application server component.

Java Information Disclosure Process Automation Jboss Enterprise Application Platform Expansion Pack Jboss Enterprise Application Platform +5
NVD VulDB
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-5731 Maven MEDIUM PATCH This Month

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

Information Disclosure Kubernetes Data Grid Infinispan Jboss Enterprise Application Platform +2
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-23368 Maven HIGH POC PATCH This Week

A flaw was found in Wildfly Elytron integration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Wildfly Core Data Grid Jboss Enterprise Application Platform
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-7885 Maven HIGH PATCH This Week

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Build Of Apache Camel Hawtio Build Of Apache Camel For Spring Boot Build Of Keycloak +6
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-5384 Maven LOW PATCH Monitor

A flaw was found in Infinispan. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Grid Jboss Data Grid Infinispan
NVD
CVSS 3.1
2.7
EPSS
0.5%
CVE-2023-5236 Maven MEDIUM PATCH This Month

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Data Grid Jboss Data Grid Infinispan
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-3629 Maven MEDIUM PATCH This Month

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Grid Jboss Data Grid Jboss Enterprise Application Platform Infinispan
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-3628 Maven MEDIUM PATCH This Month

A flaw was found in Infinispan's REST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jboss Data Grid Jboss Enterprise Application Platform Data Grid Infinispan
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-4586 HIGH This Week

A vulnerability was found in the Hot Rod client. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Data Grid Hot Rod
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2021-31917 CRITICAL Act Now

A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Infinispan Server Rest Data Grid
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-3642 Maven MEDIUM PATCH This Month

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Wildfly Elytron Build Of Quarkus Codeready Studio Data Grid +9
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-3536 Maven MEDIUM PATCH This Month

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Build Of Quarkus Data Grid Descision Manager Integration Camel K +5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-25711 Maven MEDIUM PATCH This Month

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Infinispan Data Grid Active Iq Unified Manager
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2020-25644 Maven HIGH PATCH This Week

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Wildfly Openssl Data Grid Jboss Data Grid +7
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-14838 Maven MEDIUM PATCH This Month

A flaw was found in wildfly-core before 7.2.5.GA. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wildfly Core Jboss Enterprise Application Platform Single Sign On Data Grid
NVD
CVSS 3.1
4.9
EPSS
1.1%
CVE-2015-7501 Maven CRITICAL EUVD KEV PATCH Act Now

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.5%.

Apache Deserialization Java Red Hat Data Grid +14
NVD
CVSS 3.0
9.8
EPSS
71.5%
Threat
4.1
EPSS 0% CVSS 9.6
CRITICAL PATCH Act Now

Undertow HTTP server (used in WildFly, JBoss EAP) fails to validate Host headers, enabling cache poisoning, internal network scanning, and session hijacking. Affects a widely-used Java application server component.

Java Information Disclosure Process Automation +7
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.

Information Disclosure Kubernetes Data Grid +4
NVD GitHub
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

A flaw was found in Wildfly Elytron integration. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Wildfly Core Data Grid +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Race Condition Information Disclosure Build Of Apache Camel Hawtio +8
NVD
EPSS 1% CVSS 2.7
LOW PATCH Monitor

A flaw was found in Infinispan. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Grid Jboss Data Grid +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Data Grid Jboss Data Grid +1
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in Infinispan's REST, Cache retrieval endpoints do not properly evaluate the necessary admin permissions for the operation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Data Grid Jboss Data Grid +2
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in Infinispan's REST. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Jboss Data Grid Jboss Enterprise Application Platform +2
NVD
EPSS 0% CVSS 7.4
HIGH This Week

A vulnerability was found in the Hot Rod client. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Data Grid Hot Rod
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

A flaw was found in Red Hat DataGrid 8.x (8.0.0, 8.0.1, 8.1.0 and 8.1.1) and Infinispan (10.0.0 through 12.0.0). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Authentication Bypass Infinispan Server Rest +1
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Wildfly Elytron Build Of Quarkus +11
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Build Of Quarkus Data Grid +7
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Infinispan Data Grid +1
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

OpenSSL Denial Of Service Wildfly Openssl +9
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

A flaw was found in wildfly-core before 7.2.5.GA. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Wildfly Core Jboss Enterprise Application Platform +2
NVD
EPSS 71% 4.1 CVSS 9.8
CRITICAL EUVD KEV PATCH Act Now

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.5%.

Apache Deserialization Java +16
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy