Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
enterprise application platform vulnerabilities and exploits
(subscribe to this query)
409
VMScore
CVE-2012-2312
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain...
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Application Server 7.1.1
Redhat Jboss Application Server 7.1.0
445
VMScore
CVE-2011-1096
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform prior to 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote malicious users to obtain plaintext data via a...
Redhat Jboss Enterprise Portal Platform 5.0.0
Redhat Jboss Enterprise Portal Platform 5.1.1
Redhat Jboss Enterprise Portal Platform 5.1.0
Redhat Jboss Enterprise Portal Platform
Redhat Jboss Enterprise Portal Platform 5.2.0
Redhat Jboss Enterprise Portal Platform 5.0.1
561
VMScore
CVE-2020-14299
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an malicious user to perform a complete authentication bypass by ...
Redhat Single Sign-on 7.0
Redhat Openshift Application Runtimes -
Redhat Jboss Enterprise Application Platform
446
VMScore
CVE-2020-10693
A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows malicious users to bypass input sanitation (escaping, stripping) controls that develope...
Redhat Hibernate Validator 7.0.0
Redhat Hibernate Validator
Ibm Websphere Application Server
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Jboss Enterprise Application Platform 7.3.0
Redhat Satellite Capsule 6.8
Redhat Satellite 6.8
Quarkus Quarkus
Oracle Weblogic Server 14.1.1.0.0
3 Github repositories
NA
CVE-2022-3143
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDiges...
Redhat Wildfly Elytron 1.15.15
Redhat Jboss Enterprise Application Platform 7.0.0
356
VMScore
CVE-2014-7853
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain...
Redhat Jboss Operations Network 3.3.1
Redhat Jboss Enterprise Application Platform
231
VMScore
CVE-2021-3597
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions before 2.0.35.SP1, before 2.2.6.SP1, bef...
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Fuse 1.0
Redhat Undertow 2.0.39
Redhat Undertow 2.2.9
Redhat Undertow 2.0.36
Redhat Undertow 2.2.7
Redhat Undertow 2.2.6
Redhat Undertow
Redhat Undertow 2.0.35
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
NA
CVE-2023-1108
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
Redhat Decision Manager 7.0
Redhat Single Sign-on -
Redhat Process Automation 7.0
Redhat Openstack Platform 13.0
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Build Of Quarkus -
Redhat Integration Service Registry -
Redhat Integration Camel K -
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Fuse 1.0.0
Redhat Undertow
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Linuxone 4.9
Redhat Openshift Container Platform For Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Jboss Enterprise Application Platform 7.4
Redhat Single Sign-on 7.6
Netapp Oncommand Workflow Automation -
312
VMScore
CVE-2019-3872
It was found that a SAMLRequest containing a script could be processed by Picketlink versions shipped in Jboss Application Platform 7.2.x and 7.1.x. An attacker could use this to send a malicious script to achieve cross-site scripting and obtain unauthorized information or conduc...
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on 7.0
668
VMScore
CVE-2014-3490
RESTEasy 2.3.1 prior to 2.3.8.SP2 and 3.x prior to 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote malicious users to...
Redhat Resteasy 3.0
Redhat Jboss Enterprise Application Platform 6.3.0
Redhat Resteasy
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »