Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss_enterprise_application_platform vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-10934
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions prior to 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.
Redhat Jboss Enterprise Application Platform 7.0
Redhat Jboss Enterprise Application Platform 7.1.0
Redhat Single Sign-on 7.2
7.5
CVSSv3
CVE-2023-4503
An improper initialization vulnerability was found in Galleon. When using Galleon to provision custom EAP or EAP-XP servers, the servers are created unsecured. This issue could allow an malicious user to access remote HTTP services available from the server.
Redhat Jboss Enterprise Application Platform -
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Jboss Enterprise Application Platform 7.4
7.5
CVSSv3
CVE-2019-0210
In Apache Thrift 0.9.3 to 0.12.0, a server implemented in Go using TJSONProtocol or TSimpleJSONProtocol may panic when feed with invalid input data.
Apache Thrift
Redhat Jboss Enterprise Application Platform 7.2.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
7.5
CVSSv3
CVE-2019-0205
In Apache Thrift all versions up to and including 0.12.0, a server or client may run into an endless loop when feed with specific input data. Because the issue had already been partially fixed in version 0.11.0, depending on the installed version it affects only certain language ...
Apache Thrift
Redhat Jboss Enterprise Application Platform 7.2.0
Oracle Communications Cloud Native Core Network Slice Selection Function 1.2.1
7.5
CVSSv3
CVE-2020-10705
A flaw exists in Undertow in versions before Undertow 2.1.1.Final where certain requests to the "Expect: 100-continue" header may cause an out of memory error. This flaw may potentially lead to a denial of service.
Redhat Undertow
Netapp Oncommand Insight -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Jboss Enterprise Application Platform 7.2
5.9
CVSSv3
CVE-2021-3597
A flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions before 2.0.35.SP1, before 2.2.6.SP1, bef...
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Fuse 1.0
Redhat Undertow 2.0.39
Redhat Undertow 2.2.9
Redhat Undertow 2.0.36
Redhat Undertow 2.2.7
Redhat Undertow 2.2.6
Redhat Undertow
Redhat Undertow 2.0.35
Redhat Jboss Enterprise Application Platform 7.3
Redhat Jboss Enterprise Application Platform 7.4
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
9.8
CVSSv3
CVE-2019-17267
A Polymorphic Typing issue exists in FasterXML jackson-databind prior to 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.
Fasterxml Jackson-databind
Netapp Steelstore Cloud Integrated Storage -
Netapp Oncommand Workflow Automation -
Netapp Service Level Manager -
Netapp Oncommand Api Services -
Netapp Active Iq Unified Manager
Debian Debian Linux 8.0
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Oracle Weblogic Server 12.2.1.3.0
Oracle Retail Customer Management And Segmentation Foundation 17.0
Oracle Goldengate Application Adapters 19.1.0.0.0
Oracle Customer Management And Segmentation Foundation
7.5
CVSSv3
CVE-2018-1000632
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specify...
Dom4j Project Dom4j
Debian Debian Linux 8.0
Oracle Flexcube Investor Servicing 12.3.0
Oracle Flexcube Investor Servicing 12.1.0
Oracle Flexcube Investor Servicing 12.0.4
Oracle Retail Integration Bus 15.0
Oracle Utilities Framework 4.2.0.3.0
Oracle Utilities Framework 4.2.0.2.0
Oracle Flexcube Investor Servicing 12.4.0
Oracle Flexcube Investor Servicing 14.0.0
Oracle Retail Integration Bus 16.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Primavera P6 Enterprise Project Portfolio Management
Oracle Rapid Planning 12.1
Oracle Rapid Planning 12.2
Oracle Utilities Framework 4.4.0.2
Oracle Utilities Framework 2.2.0
Oracle Utilities Framework
Redhat Satellite Capsule 6.6
Redhat Satellite 6.6
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Enterprise Application Platform 6.4.0
8.8
CVSSv3
CVE-2019-10174
A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's privileges. The attacker can use reflection to introduce new, malicious be...
Infinispan Infinispan
Redhat Fuse 1.0
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform 7.2
Netapp Active Iq Unified Manager -
7.5
CVSSv3
CVE-2023-3223
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it...
Redhat Undertow
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Ibm Linuxone 4.9
Redhat Openshift Container Platform For Ibm Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform Text-only Advisories -
Redhat Single Sign-on 7.6
Redhat Jboss Enterprise Application Platform 7.4
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »