: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.
No action required: These vulnerabilities do not affect FNMEA since it's a pure on-prem product (with no connections to the internet).
“Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity” – Medium & Low
No action required: This does not impact the product, since the WildFly server has no external internet access. The solution is a pure on-premises one.
OpenSSL Library:
FNMEA 2021 R1 uses OpenSSL 1.1.0, which comes with WildFly 20.0.1. The FNMEA engineering team will look for any open-source library vulnerabilities.
FNMEA 2021 uses JavaService 2.0.9 (Windows NT Service Daemon for Java applications). The FNMEA engineering team will keep watching this space in case this library goes completely out of support from the community.
Nov 12, 2021 10:23 AM - edited Nov 30, 2021 01:39 PM