jolokia jolokia vulnerabilities and exploits
NA
CVE-2024-32114
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with th...
8.8
CVSSv3
CVE-2022-41678
Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to cr...
Apache Activemq
7.5
CVSSv3
CVE-2023-31444
In Talend Studio prior to 7.3.1-R2022-10 and 8.x prior to 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.
Talend Studio
9.1
CVSSv3
CVE-2021-40684
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or...
Talend Esb Runtime
9.1
CVSSv3
CVE-2019-12124
An issue exists in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.
Onap Open Network Automation Platform
8.8
CVSSv3
CVE-2018-10899
A flaw was found in Jolokia versions from 1.2 to prior to 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.
Jolokia Jolokia
Redhat Openstack 13
8.8
CVSSv3
CVE-2015-5182
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
Redhat Amq -
NA
CVE-2014-0168
Cross-site request forgery (CSRF) vulnerability in Jolokia prior to 1.2.1 allows remote malicious users to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
Jolokia Jolokia 1.0.2
Jolokia Jolokia 1.0.1
Jolokia Jolokia 1.0.0
Jolokia Jolokia 1.1.5
Jolokia Jolokia 1.1.0
Jolokia Jolokia 1.0.5
Jolokia Jolokia 1.0.3
Jolokia Jolokia 1.1.4
Jolokia Jolokia 1.1.3
Jolokia Jolokia 1.1.2
Jolokia Jolokia 1.1.1
Jolokia Jolokia
Jolokia Jolokia 1.0.6
Jolokia Jolokia 1.0.4