Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2013-6495
JBossWeb Bayeux has reflected XSS
Redhat Jboss Enterprise Application Platform
Redhat Jboss Portal
445
VMScore
CVE-2011-1483
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1...
Redhat Jboss Enterprise Portal Platform 4.3.0
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Soa Platform 5.1.0
Redhat Jboss Communications Platform 1.2.11
Redhat Jboss Communications Platform 5.1.1
Redhat Jboss Enterprise Brms Platform 5.1.0
Redhat Jboss Enterprise Application Platform 4.2.0
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Application Platform 5.1.1
Redhat Jboss Enterprise Portal Platform 5.1.1
Redhat Jboss Enterprise Soa Platform 4.3.0
Redhat Jboss Enterprise Web Platform 5.1.1
Hp Network Node Manager I 9.02
Hp Network Node Manager I 9.0
Hp Network Node Manager I 9.10
Hp Network Node Manager I 9.03
Hp Network Node Manager I 9.01
356
VMScore
CVE-2012-3369
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 allows remote malicious users to gain privileges of the previous user via a null password,...
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Brms Platform
516
VMScore
CVE-2012-3370
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 returns the credentials of the previous user when a security context is not...
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Brms Platform
685
VMScore
CVE-2012-0874
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 do not require authentication by default in cer...
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Brms Platform
1 EDB exploit
383
VMScore
CVE-2008-3519
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote ...
Redhat Jboss Enterprise Application Platform 4.2
Redhat Jboss Enterprise Application Platform
Redhat Jboss Enterprise Application Platform 4.3
436
VMScore
CVE-2012-5478
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 does not properly restrict access, which allows remote authenticated users to bypass intend...
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Brms Platform
383
VMScore
CVE-2011-4575
Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) prior to 5.2.0, Web Platform (EWP) prior to 5.2.0, BRMS Platform prior to 5.3.1, and SOA Platform prior to 5.3.1 allows remote malicious users to inject arbitrary web script...
Redhat Jboss Enterprise Web Platform 5.2.0
Redhat Jboss Enterprise Application Platform 5.2.0
Redhat Jboss Enterprise Brms Platform
445
VMScore
CVE-2019-14888
A vulnerability was found in the Undertow HTTP server in versions prior to 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.
Redhat Undertow
Redhat Jboss Data Grid -
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Fuse 6.0.0
Redhat Jboss Fuse 7.0.0
Redhat Single Sign-on 7.0
Netapp Active Iq Unified Manager -
668
VMScore
CVE-2010-3708
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 prior to 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote malicious users to execute a...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Soa Platform 4.3.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »