Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
java vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2020-24639
There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command execution in a containerized environment within Airwave Glass prior to 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.
Arubanetworks Airwave Glass
10
CVSSv2
CVE-2020-27131
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote malicious user to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-suppli...
Cisco Security Manager
10
CVSSv2
CVE-2020-14882
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with netw...
Oracle Weblogic Server 12.1.3.0.0
Oracle Weblogic Server 10.3.6.0.0
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
43 Github repositories
2 Articles
10
CVSSv2
CVE-2020-24786
An issue exists in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 before build number 4228, ADSelfService Plus before build number 5817, DataSecurity Plus before build number 6033, RecoverManager Plus before build number 6017, EventLog Analyzer before bu...
Zohocorp Manageengine Adselfservice Plus 5.8
Zohocorp Manageengine Adselfservice Plus
Zohocorp Manageengine Exchange Reporter Plus
Zohocorp Manageengine Exchange Reporter Plus 5.5
Zohocorp Manageengine Ad360
Zohocorp Manageengine Ad360 4.2
Zohocorp Manageengine Datasecurity Plus
Zohocorp Manageengine Datasecurity Plus 6.0
Zohocorp Manageengine Recovermanager Plus
Zohocorp Manageengine Recovermanager Plus 6.0
Zohocorp Manageengine Eventlog Analyzer 12.1.3
Zohocorp Manageengine Eventlog Analyzer
Zohocorp Manageengine Adaudit Plus
Zohocorp Manageengine Adaudit Plus 6.0
Zohocorp Manageengine O365 Manager Plus 4.3
Zohocorp Manageengine O365 Manager Plus
Zohocorp Manageengine Cloud Security Plus
Zohocorp Manageengine Cloud Security Plus 4.1
Zohocorp Manageengine Admanager Plus
Zohocorp Manageengine Admanager Plus 7.0
Zohocorp Manageengine Log360
Zohocorp Manageengine Log360 5.1
10
CVSSv2
CVE-2020-6287
SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the...
Sap Netweaver Application Server Java 7.30
Sap Netweaver Application Server Java 7.31
Sap Netweaver Application Server Java 7.40
Sap Netweaver Application Server Java 7.50
9 Github repositories
2 Articles
10
CVSSv2
CVE-2020-11975
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process.
Apache Unomi
3 Github repositories
10
CVSSv2
CVE-2020-3280
A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote malicious user to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-suppli...
Cisco Unified Contact Center Express
1 Article
10
CVSSv2
CVE-2019-13022
Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the databas...
Jetstream Jetselect
10
CVSSv2
CVE-2020-12133
The Apros Evolution, ConsciusMap, and Furukawa provisioning systems up to and including 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization.
Farukawa Electric Consciousmap
10
CVSSv2
CVE-2020-6207
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
Sap Solution Manager 7.20
2 Metasploit modules
2 Github repositories
1 Article
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »