Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2009-2405
Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 prior to 4.2.0.CP08, 4.2.2GA, 4.3 prior to 4.3.0.CP07, and 5.1.0GA allow remote malicious users to inje...
Redhat Jboss Enterprise Application Platform 4.3
Redhat Jboss Enterprise Application Platform 5.1.0
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.2.2
2.1
CVSSv2
CVE-2012-0034
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform prior to 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensiti...
Redhat Jboss Enterprise Application Platform 5.1.2
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Web Platform 5.1.2
Redhat Jboss Enterprise Brms Platform
5
CVSSv2
CVE-2010-1429
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 allows remote malicious users to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.3
1 Github repository
4.3
CVSSv2
CVE-2011-4580
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform prior to 5.2.0 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Redhat Jboss Enterprise Portal Platform 4.3.0
Redhat Jboss Enterprise Portal Platform
Redhat Jboss Enterprise Portal Platform 5.0.0
Redhat Jboss Enterprise Portal Platform 5.0.1
Redhat Jboss Enterprise Portal Platform 5.1.0
5.8
CVSSv2
CVE-2011-2941
Open redirect vulnerability in Red Hat JBoss Enterprise Portal Platform prior to 5.2.0 allows remote malicious users to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the initialURI parameter.
Redhat Jboss Enterprise Portal Platform 4.3.0
Redhat Jboss Enterprise Portal Platform 5.0.0
Redhat Jboss Enterprise Portal Platform 5.1.0
Redhat Jboss Enterprise Portal Platform 5.0.1
Redhat Jboss Enterprise Portal Platform
5
CVSSv2
CVE-2010-1428
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 prior to 4.2.0.CP09 and 4.3 prior to 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote malicious users to obtain sens...
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform 4.3
6.5
CVSSv2
CVE-2013-6468
JBoss Drools, Red Hat JBoss BRMS prior to 6.0.1, and Red Hat JBoss BPM Suite prior to 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or (2) Drools expression.
Redhat Jboss Enterprise Brms Platform 6.0.0
Redhat Jboss Bpm Suite 6.0.0
Redhat Jboss Drools -
5
CVSSv2
CVE-2020-1710
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400.
Redhat Jboss Data Grid -
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Enterprise Application Platform 6.4.21
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Jboss Enterprise Application Platform 7.3.0
Redhat Openshift Application Runtimes -
Redhat Single Sign-on -
5
CVSSv2
CVE-2010-2493
The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) t...
Redhat Jboss Enterprise Soa Platform 4.3.0
Redhat Jboss Enterprise Soa Platform 5.0.0
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Soa Platform
4.3
CVSSv2
CVE-2011-3609
A CSRF issue was found in JBoss Application Server 7 prior to 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak...
Redhat Jboss Application Server 7.0.0
Redhat Jboss Application Server 7.0.1
Redhat Jboss Application Server 7.0.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »