{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79454?format=json","vulnerability_id":"VCID-v45q-vzz5-4bgd","summary":"wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled","aliases":[{"alias":"CVE-2022-0866"}],"fixed_packages":[],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99019?format=json","purl":"pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1?arch=el8eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e37q-8shh-v7aw"},{"vulnerability":"VCID-v45q-vzz5-4bgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1%3Farch=el8eap"},{"url":"http://public2.vulnerablecode.io/api/packages/99018?format=json","purl":"pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1?arch=el7eap","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e37q-8shh-v7aw"},{"vulnerability":"VCID-v45q-vzz5-4bgd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap7-wildfly@7.4.5-3.GA_redhat_00001.1%3Farch=el7eap"},{"url":"http://public2.vulnerablecode.io/api/packages/98047?format=json","purl":"pkg:rpm/redhat/rh-sso7@1-5?arch=el9sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tzs-qhg5-rbbe"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-93ut-2de3-ckc5"},{"vulnerability":"VCID-e3vc-jpft-gye7"},{"vulnerability":"VCID-jstt-6zs3-ybew"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-sk2v-nmmr-h7d1"},{"vulnerability":"VCID-swu5-a9h5-ffex"},{"vulnerability":"VCID-v45q-vzz5-4bgd"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-zy5r-wxv8-g3e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7@1-5%3Farch=el9sso"},{"url":"http://public2.vulnerablecode.io/api/packages/98052?format=json","purl":"pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7?arch=el9sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-93ut-2de3-ckc5"},{"vulnerability":"VCID-e3vc-jpft-gye7"},{"vulnerability":"VCID-jstt-6zs3-ybew"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-sk2v-nmmr-h7d1"},{"vulnerability":"VCID-swu5-a9h5-ffex"},{"vulnerability":"VCID-v45q-vzz5-4bgd"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-zy5r-wxv8-g3e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-javapackages-tools@6.0.0-7%3Farch=el9sso"},{"url":"http://public2.vulnerablecode.io/api/packages/98051?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1?arch=el8sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-e3vc-jpft-gye7"},{"vulnerability":"VCID-jstt-6zs3-ybew"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-swu5-a9h5-ffex"},{"vulnerability":"VCID-v45q-vzz5-4bgd"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1%3Farch=el8sso"},{"url":"http://public2.vulnerablecode.io/api/packages/98048?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1?arch=el7sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-cabc-jrpz-vuad"},{"vulnerability":"VCID-e3vc-jpft-gye7"},{"vulnerability":"VCID-jstt-6zs3-ybew"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-swu5-a9h5-ffex"},{"vulnerability":"VCID-v45q-vzz5-4bgd"},{"vulnerability":"VCID-v6ek-y7cn-kycd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@15.0.8-1.redhat_00001.1%3Farch=el7sso"},{"url":"http://public2.vulnerablecode.io/api/packages/98049?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1?arch=el8sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tzs-qhg5-rbbe"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-93ut-2de3-ckc5"},{"vulnerability":"VCID-e3vc-jpft-gye7"},{"vulnerability":"VCID-jstt-6zs3-ybew"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-sk2v-nmmr-h7d1"},{"vulnerability":"VCID-swu5-a9h5-ffex"},{"vulnerability":"VCID-v45q-vzz5-4bgd"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-zy5r-wxv8-g3e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1%3Farch=el8sso"},{"url":"http://public2.vulnerablecode.io/api/packages/98046?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1?arch=el9sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tzs-qhg5-rbbe"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-93ut-2de3-ckc5"},{"vulnerability":"VCID-e3vc-jpft-gye7"},{"vulnerability":"VCID-jstt-6zs3-ybew"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-sk2v-nmmr-h7d1"},{"vulnerability":"VCID-swu5-a9h5-ffex"},{"vulnerability":"VCID-v45q-vzz5-4bgd"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-zy5r-wxv8-g3e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1%3Farch=el9sso"},{"url":"http://public2.vulnerablecode.io/api/packages/98050?format=json","purl":"pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1?arch=el7sso","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5tzs-qhg5-rbbe"},{"vulnerability":"VCID-7z49-f322-n7g8"},{"vulnerability":"VCID-93ut-2de3-ckc5"},{"vulnerability":"VCID-e3vc-jpft-gye7"},{"vulnerability":"VCID-jstt-6zs3-ybew"},{"vulnerability":"VCID-n23y-qjaf-tfcm"},{"vulnerability":"VCID-sk2v-nmmr-h7d1"},{"vulnerability":"VCID-swu5-a9h5-ffex"},{"vulnerability":"VCID-v45q-vzz5-4bgd"},{"vulnerability":"VCID-v6ek-y7cn-kycd"},{"vulnerability":"VCID-zy5r-wxv8-g3e8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-sso7-keycloak@18.0.3-1.redhat_00001.1%3Farch=el7sso"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0866.json","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0866.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0866","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50524","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50581","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50608","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50561","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50615","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50612","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50655","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50618","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.5066","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50665","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50644","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50592","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.506","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50554","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50477","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50531","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50514","published_at":"2026-05-11T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50545","published_at":"2026-05-12T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50622","published_at":"2026-05-14T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50635","published_at":"2026-05-15T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50637","published_at":"2026-05-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0866"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060929","reference_id":"2060929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2060929"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4918","reference_id":"RHSA-2022:4918","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4918"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4919","reference_id":"RHSA-2022:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:4922","reference_id":"RHSA-2022:4922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:4922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6782","reference_id":"RHSA-2022:6782","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6783","reference_id":"RHSA-2022:6783","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6783"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6787","reference_id":"RHSA-2022:6787","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7409","reference_id":"RHSA-2022:7409","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7409"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7410","reference_id":"RHSA-2022:7410","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7410"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7411","reference_id":"RHSA-2022:7411","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7411"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7417","reference_id":"RHSA-2022:7417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7417"}],"weaknesses":[{"cwe_id":863,"name":"Incorrect Authorization","description":"The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions."},{"cwe_id":1220,"name":"Insufficient Granularity of Access Control","description":"The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets."}],"exploits":[],"severity_range_score":"3.1 - 3.1","exploitability":"0.5","weighted_severity":"2.8","risk_score":1.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v45q-vzz5-4bgd"}