Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss enterprise application platform vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2012-4550
JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) prior to 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote malici...
Redhat Jboss Enterprise Application Platform 6.0.0
436
VMScore
CVE-2014-3472
The isCallerInRole function in SimpleSecurityManager in JBoss Application Server (AS) 7, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.3.0, does not properly check caller roles, which allows remote authenticated users to bypass access restrictions via unspeci...
Redhat Jboss Enterprise Application Platform 6.3.0
187
VMScore
CVE-2012-3427
EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application Platform (EAP) 5.1.2 uses 755 permissions for /var/cache/jboss-ec2-eap/, which allows local users to read sensitive information such as Amazon Web Services (AWS) credentials by reading files in the directory.
Redhat Jboss Enterprise Application Platform 5.1.2
668
VMScore
CVE-2011-4608
mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote malicious users to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credenti...
Redhat Jboss Enterprise Application Platform 5.1.2
231
VMScore
CVE-2016-9585
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack.
Redhat Jboss Enterprise Application Platform 5.0.0
356
VMScore
CVE-2014-7853
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain...
Redhat Jboss Operations Network 3.3.1
Redhat Jboss Enterprise Application Platform
356
VMScore
CVE-2021-20250
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Jboss-ejb-client
436
VMScore
CVE-2020-14317
It was found that the issue for security flaw CVE-2019-3805 appeared again in a further version of JBoss Enterprise Application Platform - Continuous Delivery (EAP-CD) introducing regression. An attacker could exploit this by modifying the PID file in /var/run/jboss-eap/ allowing...
Redhat Jboss Enterprise Application Platform -
Redhat Wildfly -
445
VMScore
CVE-2012-5626
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs a...
Redhat Jboss Brms 5
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Enterprise Web Server 1.0.0
Redhat Jboss Operations Network 3.1
Redhat Jboss Portal 4.0.0
Redhat Jboss Portal 5.0.0
Redhat Jboss Soa Platform 4.2
Redhat Jboss Soa Platform 4.3
Redhat Jboss Soa Platform 5
356
VMScore
CVE-2021-32029
A flaw was found in postgresql. Using an UPDATE ... RETURNING command on a purpose-crafted table, an authenticated database user could read arbitrary bytes of server memory. The highest threat from this vulnerability is to data confidentiality.
Postgresql Postgresql
Redhat Jboss Enterprise Application Platform 7.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »