Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss operations network vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-3267
Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network prior to 3.3.3 allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Redhat Jboss Operations Network
NA
CVE-2014-7853
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain...
Redhat Jboss Operations Network 3.3.1
Redhat Jboss Enterprise Application Platform
NA
CVE-2011-4573
Red Hat JBoss Operations Network (JON) prior to 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from be...
Redhat Jboss Operations Network
Redhat Jboss Operations Network 2.3.1
Redhat Jboss Operations Network 2.4
Redhat Jboss Operations Network 2.3
Redhat Jboss Operations Network 2.2
Redhat Jboss Operations Network 2.1.0
Redhat Jboss Operations Network 2.0.1
Redhat Jboss Operations Network 2.0.0
Redhat Jboss Operations Network 1.0.0
NA
CVE-2012-0032
Red Hat JBoss Operations Network (JON) prior to 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials.
Redhat Jboss Operations Network
NA
CVE-2012-1100
Red Hat JBoss Operations Network (JON) 3.0.x prior to 3.0.1, 2.4.2, and previous versions, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote malicious users to login to LDAP-based accounts via an arbitrary password in a login req...
Redhat Jboss Operations Network 3.0
Redhat Jboss Operations Network
Redhat Jboss Operations Network 2.0.1
Redhat Jboss Operations Network 2.0.0
Redhat Jboss Operations Network 2.4
Redhat Jboss Operations Network 2.3
Redhat Jboss Operations Network 2.1.0
Redhat Jboss Operations Network 2.3.1
Redhat Jboss Operations Network 2.2
NA
CVE-2012-0052
Red Hat JBoss Operations Network (JON) prior to 2.4.2 and 3.0.x prior to 3.0.1 does not check the JON agent key, which allows remote malicious users to spoof the identity of arbitrary agents via the registered agent name.
Redhat Jboss Operations Network
Redhat Jboss Operations Network 2.4
Redhat Jboss Operations Network 2.3.1
Redhat Jboss Operations Network 2.3
Redhat Jboss Operations Network 2.2
Redhat Jboss Operations Network 2.1.0
Redhat Jboss Operations Network 2.0.0
Redhat Jboss Operations Network 3.0
Redhat Jboss Operations Network 2.0.1
NA
CVE-2012-0062
Red Hat JBoss Operations Network (JON) prior to 2.4.2 and 3.0.x prior to 3.0.1 allows remote malicious users to hijack agent sessions via an agent registration request without a security token.
Redhat Jboss Operations Network 2.0.0
Redhat Jboss Operations Network 3.0
Redhat Jboss Operations Network
Redhat Jboss Operations Network 2.4
Redhat Jboss Operations Network 2.3.1
Redhat Jboss Operations Network 2.2
Redhat Jboss Operations Network 2.0.1
Redhat Jboss Operations Network 2.3
Redhat Jboss Operations Network 2.1.0
NA
CVE-2013-4293
The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files.
Redhat Jboss Operations Network 3.1.2
NA
CVE-2013-4373
The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.
Redhat Jboss Operations Network 3.1.2
NA
CVE-2012-5920
Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) 2.4 up to and including 2.5 Final, as used in JBoss Operations Network (ON) 3.1.1 and possibly other products, allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: ...
Google Web Toolkit 2.4.0
Google Web Toolkit 2.4
Google Web Toolkit 2.5.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
encryption
CVE-2024-4331
CVE-2024-26925
arbitrary code
CVE-2006-4304
CVE-2024-25458
CVE-2024-27077
reflected XSS
CVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »