REDHAT-BUG-2337621
First published: Tue Jan 14 2025(Updated: )
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Network access to any of WildFly or JBoss EAP’s exposed ports which require either HTTP or SASL authentication.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WildFly | ||
| Red Hat JBoss Enterprise Application Platform |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2337621?
REDHAT-BUG-2337621 is classified as a moderate vulnerability due to its potential to allow brute force attacks.
How do I fix REDHAT-BUG-2337621?
To fix REDHAT-BUG-2337621, implement account lockout mechanisms and rate limiting for authentication attempts.
What products are affected by REDHAT-BUG-2337621?
REDHAT-BUG-2337621 affects Red Hat WildFly and JBoss EAP applications.
How can I mitigate risks associated with REDHAT-BUG-2337621?
Mitigating risks for REDHAT-BUG-2337621 involves using strong passwords and enabling two-factor authentication.
What types of attacks are possible due to REDHAT-BUG-2337621?
REDHAT-BUG-2337621 makes the affected products vulnerable to brute force attacks via the CLI.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2025-23368
- agent/references
- agent/source
- agent/last-modified-date
- agent/severity
- agent/first-publish-date
- agent/description
- agent/type
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- vendor/red hat
- canonical/wildfly
- canonical/red hat jboss enterprise application platform