Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat fuse vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-27782
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availa...
Redhat Jboss Fuse 6.0.0
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Undertow 2.0.33
Redhat Undertow 2.2.3
Redhat Undertow 2.1.5
6.5
CVSSv3
CVE-2019-14860
It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further access unauthorized information.
Redhat Syndesis -
Redhat Fuse
7.5
CVSSv3
CVE-2020-10718
A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process API has an exposed setting of the Thread Context Classloader (TCCL). This setting is exposed as a public method, which can bypass the security manager. The highest threat from thi...
Redhat Jboss Fuse 7.0.0
Redhat Wildfly
NA
CVE-2014-8175
Red Hat JBoss Fuse prior to 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
Redhat Jboss Fuse
8.8
CVSSv3
CVE-2020-1718
A flaw was found in the reset credential flow in all Keycloak versions prior to 8.0.0. This flaw allows an malicious user to gain unauthorized access to the application.
Redhat Keycloak
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
7.5
CVSSv3
CVE-2019-14888
A vulnerability was found in the Undertow HTTP server in versions prior to 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
Redhat Undertow
Redhat Jboss Fuse 6.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Single Sign-on 7.0
Redhat Jboss Fuse 7.0.0
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Data Grid -
Netapp Active Iq Unified Manager -
7.5
CVSSv3
CVE-2022-2053
When a POST request comes through AJP and the request exceeds the max-post-size limit (maxEntitySize), Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy mark...
Redhat Jboss Fuse 7.0.0
Redhat Integration Camel K -
Redhat Undertow
Redhat Undertow 2.3.0
6.1
CVSSv3
CVE-2016-1000229
swagger-ui has XSS in key names
Smartbear Swagger-ui -
Redhat Openshift 2.0
Redhat Jboss Fuse 6.3
8.8
CVSSv3
CVE-2014-0120
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote malicious users to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."
Hawt Hawtio
Redhat Jboss Fuse 6.1.0
NA
CVE-2014-5075
The Ignite Realtime Smack XMPP API 4.x prior to 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the...
Redhat Jboss Fuse
Igniterealtime Smack Api
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »