| purl | pkg:rpm/redhat/eap7-wildfly@7.4.1-2.GA_redhat_00003.1?arch=el8eap |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 1.7 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-ft9p-n5ew-abbf (Aliases: CVE-2021-3536, GHSA-v2wx-jj66-2hp7) | Cross-site Scripting in Wildfly. A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity. | There are no reported fixed by versions. |
| VCID-ppap-96ds-9ygc (Aliases: CVE-2021-3644, GHSA-w88m-2936-rmxr) | wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault. A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | | |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:02:33.050451+00:00 | RedHat Importer | Affected by | VCID-ft9p-n5ew-abbf | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3536.json | 38.0.0 |
| 2026-04-01T14:01:52.855417+00:00 | RedHat Importer | Affected by | VCID-ppap-96ds-9ygc | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3644.json | 38.0.0 |