VulnerableCode Package Details - pkg:rpm/redhat/eap7-velocity@2.2.0-1.redhat

Search for packages

Vulnerability	Summary	Fixed by
VCID-1c9m-r4kk-nkfd Aliases: CVE-2020-14299	picketbox: JBoss EAP reload to admin-only mode allows authentication bypass	There are no reported fixed by versions.
VCID-8hsw-4ape-juhv Aliases: CVE-2020-14340 GHSA-c738-77x8-wmq5	Uncontrolled Resource Consumption in XNIO A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.	There are no reported fixed by versions.
VCID-j9hd-d2ga-rue6 Aliases: CVE-2020-14338 GHSA-w4jq-qh47-hvjq	wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl	There are no reported fixed by versions.
VCID-yx2m-gy8h-j7cj Aliases: CVE-2020-1954 GHSA-ffm7-7r8g-77xm	cxf: JMX integration is vulnerable to a MITM attack	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-1c9m-r4kk-nkfd
Aliases:
CVE-2020-14299

picketbox: JBoss EAP reload to admin-only mode allows authentication bypass

There are no reported fixed by versions.

VCID-8hsw-4ape-juhv
Aliases:
CVE-2020-14340
GHSA-c738-77x8-wmq5

Uncontrolled Resource Consumption in XNIO A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

There are no reported fixed by versions.

VCID-j9hd-d2ga-rue6
Aliases:
CVE-2020-14338
GHSA-w4jq-qh47-hvjq

wildfly: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl

There are no reported fixed by versions.

VCID-yx2m-gy8h-j7cj
Aliases:
CVE-2020-1954
GHSA-ffm7-7r8g-77xm

cxf: JMX integration is vulnerable to a MITM attack

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-29T09:24:00.778903+00:00	RedHat Importer	Affected by	VCID-yx2m-gy8h-j7cj	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1954.json	38.6.0
2026-05-29T09:20:08.283988+00:00	RedHat Importer	Affected by	VCID-8hsw-4ape-juhv	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14340.json	38.6.0
2026-05-29T09:19:28.886828+00:00	RedHat Importer	Affected by	VCID-j9hd-d2ga-rue6	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14338.json	38.6.0
2026-05-29T09:18:50.471697+00:00	RedHat Importer	Affected by	VCID-1c9m-r4kk-nkfd	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14299.json	38.6.0