Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
karaf vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-40145
This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) with...
Apache Karaf
9.8
CVSSv3
CVE-2018-11788
Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation c...
Apache Karaf 4.2.0
Apache Karaf
2 Github repositories
9.8
CVSSv3
CVE-2015-1778
The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before Helium SR3 will authenticate any username and password combination.
Opendaylight Opendaylight -
8.8
CVSSv3
CVE-2018-11786
In Apache Karaf before 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can b...
Apache Karaf
8.8
CVSSv3
CVE-2014-0120
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote malicious users to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."
Hawt Hawtio
Redhat Jboss Fuse 6.1.0
8.1
CVSSv3
CVE-2021-41766
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against...
Apache Karaf
8.1
CVSSv3
CVE-2020-28052
An issue exists in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.66
Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.65
Apache Karaf 4.3.2
Oracle Peoplesoft Enterprise Peopletools 8.56
Oracle Webcenter Portal 12.2.1.3.0
Oracle Webcenter Portal 11.1.1.9.0
Oracle Peoplesoft Enterprise Peopletools 8.57
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Peoplesoft Enterprise Peopletools 8.58
Oracle Webcenter Portal 12.2.1.4.0
Oracle Utilities Framework 4.4.0.2.0
Oracle Banking Extensibility Workbench 14.3.0
Oracle Banking Virtual Account Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Communications Messaging Server 8.1
Oracle Commerce Guided Search 11.3.2
Oracle Communications Messaging Server 8.0.2
Oracle Utilities Framework 4.4.0.3.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
Oracle Communications Pricing Design Center 12.0.0.3.0
2 Github repositories
8.1
CVSSv3
CVE-2018-11787
In Apache Karaf version before 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of ...
Apache Karaf
Apache Karaf 4.0.0
7.5
CVSSv3
CVE-2017-1000406
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. via restart).
Opendaylight Karaf 0.6.1-carbon
6.6
CVSSv3
CVE-2016-3129
A remote shell execution vulnerability in the BlackBerry Good Enterprise Mobility Server (GEMS) implementation of the Apache Karaf command shell in GEMS versions 2.1.5.3 to 2.2.22.25 allows remote malicious users to obtain local administrator rights on the GEMS server via command...
Blackberry Good Enterprise Mobility Server
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
deserialization
CVE-2024-4040
cross-site scripting
CVE-2023-25790
CVE-2024-2961
XML external entity
CVE-2024-26926
CVE-2024-32806
CVE-2024-32711
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »