Information Disclosure

2022-03-1410:48:11

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

35.0%

JSON

org.wildfly.transaction:wildfly-transaction-client is vulnerable to information disclosure. A remote unauthenticated attacker is able to cause a memory leak by using UserTransaction repeatedly causing sensitive information leakage.

CPENameOperatorVersion
wildfly transaction clientle2.0.0.Final
wildfly transaction clientle2.0.0.Final
eap7-jackson-coreeq2.10.3__1.redhat_00001.1.el7eap
eap7-jackson-coreeq2.9.5__2.redhat_2.1.el7eap
eap7-jackson-coreeq2.9.10__1.redhat_00003.1.el7eap
eap7-jackson-coreeq2.10.4__1.redhat_00002.1.el7eap
eap7-jackson-coreeq2.12.1__1.redhat_00001.1.el7eap
eap7-jackson-coreeq2.9.8__2.redhat_00004.1.el7eap
eap7-jackson-coreeq2.10.0__1.redhat_00002.1.el8eap
eap7-jackson-coreeq2.10.4__1.redhat_00002.1.el8eap

Name	Operator	Version
wildfly transaction client	le	2.0.0.Final
wildfly transaction client	le	2.0.0.Final
eap7-jackson-core	eq	2.10.3__1.redhat_00001.1.el7eap
eap7-jackson-core	eq	2.9.5__2.redhat_2.1.el7eap
eap7-jackson-core	eq	2.9.10__1.redhat_00003.1.el7eap
eap7-jackson-core	eq	2.10.4__1.redhat_00002.1.el7eap
eap7-jackson-core	eq	2.12.1__1.redhat_00001.1.el7eap
eap7-jackson-core	eq	2.9.8__2.redhat_00004.1.el7eap
eap7-jackson-core	eq	2.10.0__1.redhat_00002.1.el8eap
eap7-jackson-core	eq	2.10.4__1.redhat_00002.1.el8eap