Description
A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before wildfly 20.0.0.Final are affected.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1796617
Related Vulnerabilities
CVE-2022-26884 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-server
CVE-2020-2257 Vulnerability in maven package org.jenkins-ci.plugins:validating-string-parameter
CVE-2023-26107 Vulnerability in npm package sketchsvg
CVE-2019-10172 Vulnerability in maven package org.codehaus.jackson:jackson-mapper-asl
CVE-2018-1000194 Vulnerability in maven package org.jenkins-ci.main:jenkins-core