Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat jboss enterprise application platform vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2008-3519
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote ...
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 4.3
7.5
CVSSv2
CVE-2012-5629
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote malicious users to bypass authentication via an empty password...
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Application Platform 6.0.1
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 5.2.0
5
CVSSv2
CVE-2020-1710
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
Redhat Jboss Data Grid -
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Enterprise Application Platform 6.4.21
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Jboss Enterprise Application Platform 7.3.0
Redhat Openshift Application Runtimes -
Redhat Single Sign-on -
2.1
CVSSv2
CVE-2009-3554
Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP08 and 4.3 prior to 4.3.0.CP07 writes the JMX password, and other command-line arguments, to the twiddle.log file, which allows local users to obtain sensitive information by re...
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.2.2
2.1
CVSSv2
CVE-2012-0034
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform prior to 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensiti...
Redhat Jboss Enterprise Application Platform 5.1.2
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Web Platform 5.1.2
Redhat Jboss Enterprise Brms Platform
2.1
CVSSv2
CVE-2013-0218
The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows local users to obtain the administrator password and the sucker password by read...
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Application Platform 5.1.2
Redhat Jboss Enterprise Web Platform 5.1.2
Redhat Jboss Enterprise Web Platform 5.2.0
7.5
CVSSv2
CVE-2011-4605
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x prior to 5.2.2, and BRMS Platform prior t...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 5.1.2
Redhat Jboss Enterprise Web Platform 5.1.2
Redhat Jboss Enterprise Portal Platform 5.2.1
Redhat Jboss Enterprise Portal Platform 4.3.0
Redhat Jboss Enterprise Brms Platform
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Portal Platform 5.2.0
Redhat Jboss Enterprise Soa Platform 4.3.0
5
CVSSv2
CVE-2011-4610
JBoss Web, as used in Red Hat JBoss Communications Platform prior to 5.1.3, Enterprise Web Platform prior to 5.1.2, Enterprise Application Platform prior to 5.1.2, and other products, allows remote malicious users to cause a denial of service (infinite loop) via vectors related t...
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Web Platform
Redhat Jboss Enterprise Brms Platform
Redhat Jboss Communications Platform
6.5
CVSSv2
CVE-2021-20318
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
Redhat Jboss Enterprise Application Platform 7.3.9
Redhat Jboss Enterprise Application Platform 7.4.0
5.5
CVSSv2
CVE-2014-3464
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restric...
Redhat Jboss Enterprise Application Platform 6.3.0
Redhat Jboss Enterprise Application Platform 6.2.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924
CVE-2024-3400
overflow
CVE-2024-23528
CVE-2024-21338
CVE-2024-3818
CVE-2024-23535
NULL pointer dereference
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »