Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/25872?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25872?format=api", "vulnerability_id": "VCID-aqrs-a7v7-6kfh", "summary": "WildFly improper RBAC permission\nA flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action.\n\n### Impact\nStandalone server (Domain mode is not affected) with use access control enabled with RBAC provider can be suspended or resumed by unauthorized users. When a server is suspended, the server will stop receiving user requests. The resume handle does the opposite; it will cause a suspended server to start accepting user requests.\n\n### Patches\nFixed in [WildFly Core 27.0.1.Final](https://github.com/wildfly/wildfly-core/releases/tag/27.0.1.Final)\n\n### Workarounds\nNo workaround available\n\n### References\nSee also: https://issues.redhat.com/browse/WFCORE-7153\n\n### Acknowledgements\nThe WildFly project would like to thank Claudia Bartolini (TIM S.p.A), Marco Ventura (TIM S.p.A), and Massimiliano Brolli (TIM S.p.A) for reporting this issue. https://www.gruppotim.it/it/footer/red-team.html", "aliases": [ { "alias": "CVE-2025-23367" }, { "alias": "GHSA-qr6x-62gq-4ccp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69159?format=api", "purl": "pkg:maven/org.wildfly.core/wildfly-server@27.0.1.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.core/wildfly-server@27.0.1.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/69161?format=api", "purl": "pkg:maven/org.wildfly.core/wildfly-server@28.0.0.Beta2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.core/wildfly-server@28.0.0.Beta2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69160?format=api", "purl": "pkg:maven/org.wildfly.core/wildfly-server@28.0.0.Beta1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.wildfly.core/wildfly-server@28.0.0.Beta1" }, { "url": "http://public2.vulnerablecode.io/api/packages/89927?format=api", "purl": "pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j1w-c84m-b3h3" }, { "vulnerability": "VCID-5vth-uvb8-kke2" }, { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-epex-9q5x-ykf3" }, { "vulnerability": "VCID-myp6-7rre-euex" }, { "vulnerability": "VCID-pwnn-qx48-ykae" }, { "vulnerability": "VCID-tp3n-7ac7-aqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/89882?format=api", "purl": "pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j1w-c84m-b3h3" }, { "vulnerability": "VCID-5vth-uvb8-kke2" }, { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-epex-9q5x-ykf3" }, { "vulnerability": "VCID-myp6-7rre-euex" }, { "vulnerability": "VCID-pwnn-qx48-ykae" }, { "vulnerability": "VCID-tp3n-7ac7-aqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/89896?format=api", "purl": "pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j1w-c84m-b3h3" }, { "vulnerability": "VCID-5vth-uvb8-kke2" }, { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-epex-9q5x-ykf3" }, { "vulnerability": "VCID-myp6-7rre-euex" }, { "vulnerability": "VCID-pwnn-qx48-ykae" }, { "vulnerability": "VCID-tp3n-7ac7-aqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty@4.1.119-1.Final_redhat_00004.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/89883?format=api", "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j1w-c84m-b3h3" }, { "vulnerability": "VCID-5vth-uvb8-kke2" }, { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-epex-9q5x-ykf3" }, { "vulnerability": "VCID-myp6-7rre-euex" }, { "vulnerability": "VCID-pwnn-qx48-ykae" }, { "vulnerability": "VCID-tp3n-7ac7-aqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/89919?format=api", "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j1w-c84m-b3h3" }, { "vulnerability": "VCID-5vth-uvb8-kke2" }, { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-epex-9q5x-ykf3" }, { "vulnerability": "VCID-myp6-7rre-euex" }, { "vulnerability": "VCID-pwnn-qx48-ykae" }, { "vulnerability": "VCID-tp3n-7ac7-aqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/89900?format=api", "purl": "pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j1w-c84m-b3h3" }, { "vulnerability": "VCID-5vth-uvb8-kke2" }, { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-epex-9q5x-ykf3" }, { "vulnerability": "VCID-myp6-7rre-euex" }, { "vulnerability": "VCID-pwnn-qx48-ykae" }, { "vulnerability": "VCID-tp3n-7ac7-aqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-netty-transport-native-epoll@4.1.119-1.Final_redhat_00004.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/89898?format=api", "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j1w-c84m-b3h3" }, { "vulnerability": "VCID-5vth-uvb8-kke2" }, { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-epex-9q5x-ykf3" }, { "vulnerability": "VCID-myp6-7rre-euex" }, { "vulnerability": "VCID-pwnn-qx48-ykae" }, { "vulnerability": "VCID-tp3n-7ac7-aqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/89917?format=api", "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j1w-c84m-b3h3" }, { "vulnerability": "VCID-5vth-uvb8-kke2" }, { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-epex-9q5x-ykf3" }, { "vulnerability": "VCID-myp6-7rre-euex" }, { "vulnerability": "VCID-pwnn-qx48-ykae" }, { "vulnerability": "VCID-tp3n-7ac7-aqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/89936?format=api", "purl": "pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1?arch=el7eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1j1w-c84m-b3h3" }, { "vulnerability": "VCID-5vth-uvb8-kke2" }, { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-epex-9q5x-ykf3" }, { "vulnerability": "VCID-myp6-7rre-euex" }, { "vulnerability": "VCID-pwnn-qx48-ykae" }, { "vulnerability": "VCID-tp3n-7ac7-aqg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.21-3.GA_29548_redhat_00001.1%3Farch=el7eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587080?format=api", "purl": "pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-1.redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-1.redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587069?format=api", "purl": "pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-1.redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-apache-commons-io@2.16.1-1.redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587064?format=api", "purl": "pkg:rpm/redhat/eap8-bouncycastle@1.80.0-1.redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-bouncycastle@1.80.0-1.redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587076?format=api", "purl": "pkg:rpm/redhat/eap8-bouncycastle@1.80.0-1.redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-bouncycastle@1.80.0-1.redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587068?format=api", "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.7.0-2.GA_redhat_00002.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-eap-product-conf-parent@800.7.0-2.GA_redhat_00002.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587078?format=api", "purl": "pkg:rpm/redhat/eap8-eap-product-conf-parent@800.7.0-2.GA_redhat_00002.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-eap-product-conf-parent@800.7.0-2.GA_redhat_00002.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587065?format=api", "purl": "pkg:rpm/redhat/eap8-hibernate@6.2.35-1.Final_redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-hibernate@6.2.35-1.Final_redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587073?format=api", "purl": "pkg:rpm/redhat/eap8-hibernate@6.2.35-1.Final_redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-hibernate@6.2.35-1.Final_redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587063?format=api", "purl": "pkg:rpm/redhat/eap8-ironjacamar@3.0.13-1.Final_redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-ironjacamar@3.0.13-1.Final_redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587077?format=api", "purl": "pkg:rpm/redhat/eap8-ironjacamar@3.0.13-1.Final_redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-ironjacamar@3.0.13-1.Final_redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587067?format=api", "purl": "pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.1-1.redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.1-1.redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587079?format=api", "purl": "pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.1-1.redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-jakarta-enterprise-concurrent@3.0.1-1.redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587082?format=api", "purl": "pkg:rpm/redhat/eap8-jsf-impl@4.0.11-1.redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-jsf-impl@4.0.11-1.redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587072?format=api", "purl": "pkg:rpm/redhat/eap8-jsf-impl@4.0.11-1.redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-jsf-impl@4.0.11-1.redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587071?format=api", "purl": "pkg:rpm/redhat/eap8-reactive-streams@1.0.4-3.redhat_00004.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-reactive-streams@1.0.4-3.redhat_00004.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587074?format=api", "purl": "pkg:rpm/redhat/eap8-reactive-streams@1.0.4-3.redhat_00004.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-reactive-streams@1.0.4-3.redhat_00004.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587075?format=api", "purl": "pkg:rpm/redhat/eap8-reactivex-rxjava@3.1.10-1.redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-reactivex-rxjava@3.1.10-1.redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587066?format=api", "purl": "pkg:rpm/redhat/eap8-reactivex-rxjava@3.1.10-1.redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-reactivex-rxjava@3.1.10-1.redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587081?format=api", "purl": "pkg:rpm/redhat/eap8-weld-core@5.1.5-1.Final_redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-weld-core@5.1.5-1.Final_redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/587070?format=api", "purl": "pkg:rpm/redhat/eap8-weld-core@5.1.5-1.Final_redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-weld-core@5.1.5-1.Final_redhat_00001.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/91397?format=api", "purl": "pkg:rpm/redhat/eap8-wildfly@8.0.7-3.GA_redhat_00004.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-wildfly@8.0.7-3.GA_redhat_00004.1%3Farch=el8eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/91396?format=api", "purl": "pkg:rpm/redhat/eap8-wildfly@8.0.7-3.GA_redhat_00004.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-wildfly@8.0.7-3.GA_redhat_00004.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/91793?format=api", "purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.9-1.Final_redhat_00001.1?arch=el9eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-wildfly-elytron@2.2.9-1.Final_redhat_00001.1%3Farch=el9eap" }, { "url": "http://public2.vulnerablecode.io/api/packages/91792?format=api", "purl": "pkg:rpm/redhat/eap8-wildfly-elytron@2.2.9-1.Final_redhat_00001.1?arch=el8eap", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aqrs-a7v7-6kfh" }, { "vulnerability": "VCID-rkxb-8u8q-1ua4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-wildfly-elytron@2.2.9-1.Final_redhat_00001.1%3Farch=el8eap" } ], "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3465", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3467", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3989", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3989" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3990", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3990" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3992", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:3992" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4548", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4549", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4550", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:4552", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2025:4552" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23367.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23367.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-23367", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-23367" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23367", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42034", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42025", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42053", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41991", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42041", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42075", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42036", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42012", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42061", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23367" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337620", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2337620" }, { "reference_url": "https://github.com/wildfly/wildfly-core", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wildfly/wildfly-core" }, { "reference_url": "https://github.com/wildfly/wildfly-core/security/advisories/GHSA-qr6x-62gq-4ccp", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/wildfly/wildfly-core/security/advisories/GHSA-qr6x-62gq-4ccp" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23367", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23367" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:", "reference_id": "cpe:/a:redhat:build_keycloak:", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:build_keycloak:" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7", "reference_id": "cpe:/a:redhat:jboss_data_grid:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8", "reference_id": "cpe:/a:redhat:jboss_data_grid:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_data_grid:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp", "reference_id": "cpe:/a:redhat:jbosseapxp", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jbosseapxp" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_id": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_id": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7", "reference_id": "cpe:/a:redhat:jboss_fuse:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:jboss_fuse:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7", "reference_id": "cpe:/a:redhat:red_hat_single_sign_on:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:red_hat_single_sign_on:7" }, { "reference_url": "https://github.com/advisories/GHSA-qr6x-62gq-4ccp", "reference_id": "GHSA-qr6x-62gq-4ccp", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-30T14:54:55Z/" } ], "url": "https://github.com/advisories/GHSA-qr6x-62gq-4ccp" } ], "weaknesses": [ { "cwe_id": 284, "name": "Improper Access Control", "description": "The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqrs-a7v7-6kfh" }