org.wildfly:wildfly-ejb3 8.0.0.Alpha4 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.wildfly:wildfly-ejb3 package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
L Improper Access Control org.wildfly:wildfly-ejb3 is a WildFly Application Server Affected versions of this package are vulnerable to Improper Access Control when returning an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have. Note: JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box. How to fix Improper Access Control? Upgrade `org.wildfly:wildfly-ejb3` to version 26.1.1.Final, 27.0.0.Alpha2 or higher.	[,26.1.1.Final)[27.0.0.Alpha1,27.0.0.Alpha2)
M Access Restriction Bypass org.wildfly:wildfly-ejb3 is a WildFly Application Server Affected versions of this package are vulnerable to Access Restriction Bypass. The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. How to fix Access Restriction Bypass? Upgrade `org.wildfly:wildfly-ejb3` to version 8.0.0.CR1 or higher.	[8.0.0.Alpha1,8.0.0.CR1)
M Access Restriction Bypass org.wildfly:wildfly-ejb3 is a WildFly Application Server Affected versions of this package are vulnerable to Access Restriction Bypass. The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2133. How to fix Access Restriction Bypass? Upgrade `org.wildfly:wildfly-ejb3` to version 8.1.0.CR1 or higher.	[8.0.0.Alpha1,8.1.0.CR1)

Vulnerability

Vulnerable Version

Improper Access Control

org.wildfly:wildfly-ejb3 is a WildFly Application Server

Affected versions of this package are vulnerable to Improper Access Control when returning an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.

Note: JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box.

How to fix Improper Access Control?

Upgrade org.wildfly:wildfly-ejb3 to version 26.1.1.Final, 27.0.0.Alpha2 or higher.

[,26.1.1.Final)[27.0.0.Alpha1,27.0.0.Alpha2)

Access Restriction Bypass

org.wildfly:wildfly-ejb3 is a WildFly Application Server

Affected versions of this package are vulnerable to Access Restriction Bypass. The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

How to fix Access Restriction Bypass?

Upgrade org.wildfly:wildfly-ejb3 to version 8.0.0.CR1 or higher.

[8.0.0.Alpha1,8.0.0.CR1)

Access Restriction Bypass

org.wildfly:wildfly-ejb3 is a WildFly Application Server

Affected versions of this package are vulnerable to Access Restriction Bypass. The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2133.

How to fix Access Restriction Bypass?

Upgrade org.wildfly:wildfly-ejb3 to version 8.1.0.CR1 or higher.

[8.0.0.Alpha1,8.1.0.CR1)

org.wildfly:wildfly-ejb3@8.0.0.Alpha4 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?