The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.

eDeploy has tmp file race condition flaws

eDeploy has RCE via cPickle deserialization of untrusted data

An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies

eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.

Console: CORS headers set to allow all in Red Hat AMQ.

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.