Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

redhat jboss enterprise application platform 7.4.0 vulnerabilities and exploits

(subscribe to this query)
6.5
CVSSv2
CVE-2021-20318
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
Redhat Jboss Enterprise Application Platform 7.3.9Redhat Jboss Enterprise Application Platform 7.4.0
4.7
CVSSv2
CVE-2019-3805
A flaw exists in wildfly versions up to 16.0.0.Final that would allow local users who are able to execute init.d script to terminate arbitrary processes on the system. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing the init.d script to te...
Redhat WildflyRedhat Jboss Enterprise Application Platform 7.0.0Redhat Jboss Enterprise Application Platform 6.0.0
5.1
CVSSv2
CVE-2018-12022
An issue exists in FasterXML jackson-databind before 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provi...
Fasterxml Jackson-databindDebian Debian Linux 9.0Fedoraproject Fedora 29Oracle Jd Edwards Enterpriseone Tools 9.2Oracle Retail Merchandising System 15.0Redhat Openshift Container Platform 3.11Redhat Jboss Enterprise Application Platform 7.2.0Redhat Single Sign-on 7.3Redhat Jboss Brms 6.4.10Redhat Automation Manager 7.3.1Redhat Decision Manager 7.3.1
5.1
CVSSv2
CVE-2018-12023
An issue exists in FasterXML jackson-databind before 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possi...
Fasterxml Jackson-databindDebian Debian Linux 9.0Fedoraproject Fedora 29Oracle Jd Edwards Enterpriseone Tools 9.2Oracle Retail Merchandising System 15.0Redhat Openshift Container Platform 3.11Redhat Jboss Enterprise Application Platform 7.2.0Redhat Single Sign-on 7.3Redhat Jboss Brms 6.4.10Redhat Automation Manager 7.3.1Redhat Decision Manager 7.3.1
7.5
CVSSv2
CVE-2018-19360
FasterXML jackson-databind 2.x prior to 2.9.8 might allow malicious users to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.
Fasterxml Jackson-databindDebian Debian Linux 8.0Oracle Primavera Unifier 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Oracle Primavera Unifier 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Oracle Webcenter Portal 12.2.1.3.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Primavera P6 Enterprise Project Portfolio ManagementOracle Primavera P6 Enterprise Project Portfolio Management 18.8Oracle Primavera Unifier 18.8Oracle Retail Workforce Management Software 1.60.9.0.0Oracle Primavera UnifierRedhat Openshift Container Platform 3.11Redhat Jboss Bpm Suite 6.4.11Redhat Jboss Brms 6.4.10Redhat Automation Manager 7.3.1Redhat Decision Manager 7.3.1
7.5
CVSSv2
CVE-2018-19361
FasterXML jackson-databind 2.x prior to 2.9.8 might allow malicious users to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.
Fasterxml Jackson-databindDebian Debian Linux 8.0Debian Debian Linux 9.0Oracle Primavera Unifier 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Oracle Primavera Unifier 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Oracle Webcenter Portal 12.2.1.3.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Primavera P6 Enterprise Project Portfolio ManagementOracle Primavera P6 Enterprise Project Portfolio Management 18.8Oracle Primavera Unifier 18.8Oracle Retail Workforce Management Software 1.60.9.0.0Oracle Primavera UnifierRedhat Openshift Container Platform 3.11Redhat Jboss Bpm Suite 6.4.11Redhat Jboss Brms 6.4.10Redhat Automation Manager 7.3.1Redhat Decision Manager 7.3.1
7.5
CVSSv2
CVE-2018-19362
FasterXML jackson-databind 2.x prior to 2.9.8 might allow malicious users to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.
Fasterxml Jackson-databindDebian Debian Linux 8.0Oracle Primavera Unifier 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 16.2Oracle Primavera P6 Enterprise Project Portfolio Management 15.1Oracle Primavera Unifier 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 16.1Oracle Primavera P6 Enterprise Project Portfolio Management 15.2Oracle Webcenter Portal 12.2.1.3.0Oracle Business Process Management Suite 12.1.3.0.0Oracle Business Process Management Suite 12.2.1.3.0Oracle Primavera P6 Enterprise Project Portfolio ManagementOracle Primavera P6 Enterprise Project Portfolio Management 18.8Oracle Primavera Unifier 18.8Oracle Retail Workforce Management Software 1.60.9.0.0Oracle Primavera UnifierRedhat Openshift Container Platform 3.11Redhat Jboss Bpm Suite 6.4.11Redhat Jboss Brms 6.4.10Redhat Automation Manager 7.3.1Redhat Decision Manager 7.3.1
7.5
CVSSv2
CVE-2018-14721
FasterXML jackson-databind 2.x prior to 2.9.7 might allow remote malicious users to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.
Fasterxml Jackson-databind 2.7.0Fasterxml Jackson-databindFasterxml Jackson-databind 2.8.0Fasterxml Jackson-databind 2.9.0Debian Debian Linux 8.0Debian Debian Linux 9.0Oracle Primavera Unifier 16.2Oracle Banking Platform 2.5.0Oracle Primavera Unifier 16.1Oracle Jdeveloper 12.1.3.0.0Oracle Retail Merchandising System 16.0Oracle Webcenter Portal 12.2.1.3.0Oracle Primavera UnifierOracle Communications Billing And Revenue Management 7.5Oracle Communications Billing And Revenue Management 12.0Oracle Financial Services Analytical Applications Infrastructure 8.0.2Oracle Financial Services Analytical Applications Infrastructure 8.0.3Oracle Financial Services Analytical Applications Infrastructure 8.0.4Oracle Financial Services Analytical Applications Infrastructure 8.0.5Oracle Financial Services Analytical Applications Infrastructure 8.0.6Oracle Financial Services Analytical Applications Infrastructure 8.0.7Oracle Banking Platform 2.6.0
7.5
CVSSv2
CVE-2018-14720
FasterXML jackson-databind 2.x prior to 2.9.7 might allow malicious users to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.
Fasterxml Jackson-databind 2.7.0Fasterxml Jackson-databindFasterxml Jackson-databind 2.8.0Fasterxml Jackson-databind 2.9.0Debian Debian Linux 8.0Debian Debian Linux 9.0Oracle Primavera Unifier 16.2Oracle Banking Platform 2.5.0Oracle Primavera Unifier 16.1Oracle Jdeveloper 12.1.3.0.0Oracle Retail Merchandising System 16.0Oracle Webcenter Portal 12.2.1.3.0Oracle Primavera UnifierOracle Communications Billing And Revenue Management 7.5Oracle Communications Billing And Revenue Management 12.0Oracle Financial Services Analytical Applications Infrastructure 8.0.2Oracle Financial Services Analytical Applications Infrastructure 8.0.3Oracle Financial Services Analytical Applications Infrastructure 8.0.4Oracle Financial Services Analytical Applications Infrastructure 8.0.5Oracle Financial Services Analytical Applications Infrastructure 8.0.6Oracle Financial Services Analytical Applications Infrastructure 8.0.7Oracle Banking Platform 2.6.0
7.5
CVSSv2
CVE-2018-11307
An issue exists in FasterXML jackson-databind 2.0.0 up to and including 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6.
Fasterxml Jackson-databindRedhat Openshift Container Platform 3.11Redhat Openshift Container Platform 4.1Oracle Retail Customer Management And Segmentation Foundation 17.0Oracle Clusterware 12.1.0.2.0Oracle Global Lifecycle Management OpatchOracle Utilities Advanced Spatial And Operational Analytics 2.7.0.1Oracle Communications Instant Messaging Server 10.0.1.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook