jboss vulnerabilities and exploits
7.5
CVSSv2
CVE-2005-2158
A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote malicious users to execute arbitrary commands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845.
Jboss Jbpm 2.0
4.3
CVSSv2
CVE-2014-3656
JBoss KeyCloak: XSS in login-status-iframe.html
Redhat Jboss Keycloak -
6
CVSSv2
CVE-2014-8175
Red Hat JBoss Fuse prior to 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file.
Redhat Jboss Fuse
4
CVSSv2
CVE-2019-14885
A flaw was found in the JBoss EAP Vault system in all versions prior to 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the...
Redhat Single Sign-on 7.0
Redhat Jboss Enterprise Application Platform 7.2.6
Redhat Jboss Enterprise Application Platform
5.5
CVSSv2
CVE-2020-1757
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may...
Redhat Undertow 2.0.0
Redhat Undertow 2.0.25
Redhat Undertow 2.0.26
Redhat Undertow 2.0.28
Redhat Undertow
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Fuse 6.0.0
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Single Sign-on 7.0
3.7
CVSSv2
CVE-2012-0032
Red Hat JBoss Operations Network (JON) prior to 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials.
Redhat Jboss Operations Network
3.5
CVSSv2
CVE-2014-3650
Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.
Redhat Jboss Aerogear 1.0.0
6
CVSSv2
CVE-2013-3734
The Embedded Jopr component in JBoss Application Server includes the cleartext datasource password in unspecified HTML responses, which might allow (1) man-in-the-middle malicious users to obtain sensitive information by leveraging failure to use SSL or (2) malicious users to obt...
Redhat Jboss Application Server
9
CVSSv2
CVE-2016-3737
The server in Red Hat JBoss Operations Network (JON) prior to 3.3.6 allows remote malicious users to execute arbitrary code via a crafted HTTP request, related to message deserialization.
Redhat Jboss Operations Network
6.8
CVSSv2
CVE-2019-3834
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows malicious users to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such ...
Redhat Jboss Operations Network