Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jboss vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2010-3708
The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.3 prior to 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote malicious users to execute a...
Redhat Jboss Enterprise Application Platform 4.3.0
Redhat Jboss Enterprise Soa Platform 4.2.0
Redhat Jboss Enterprise Soa Platform 4.3.0
4.3
CVSSv2
CVE-2017-2658
It exists that the Dashbuilder login page as used in Red Hat JBoss BPM Suite prior to 6.4.2 and Red Hat JBoss Data Virtualization & Services prior to 6.4.3 could be opened in an IFRAME, which made it possible to intercept and manipulate requests. An attacker could use this fl...
Redhat Jboss Data Virtualization \\& Services
Redhat Jboss Bpm Suite
4
CVSSv2
CVE-2008-5083
In JON 2.1.x prior to 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.
Redhat Jboss Operations Network
Redhat Jboss Operations Network 2.1.2
4
CVSSv2
CVE-2014-7853
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain...
Redhat Jboss Operations Network 3.3.1
Redhat Jboss Enterprise Application Platform
6.8
CVSSv2
CVE-2016-5401
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote malicious users to hijack the authentication of users for requests that modify instances via a crafted web page.
Redhat Jboss Enterprise Brms Platform 6.0.0
Redhat Jboss Bpm Suite 6.0.0
3.6
CVSSv2
CVE-2014-0005
PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS prior to 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application.
Redhat Jboss Enterprise Brms Platform
Redhat Jboss Enterprise Application Platform 6.2.2
NA
CVE-2021-3688
A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an malicious user to access unauthorized information or possibly conduct furt...
Redhat Jboss Core Services Httpd 2.4.37
Redhat Jboss Core Services Httpd
4
CVSSv2
CVE-2021-20250
A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality.
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Jboss-ejb-client
5
CVSSv2
CVE-2016-9589
Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable to a resource exhaustion resulting in a denial of service. Undertow keeps a cache of seen HTTP headers in persistent connections. It was found that this cache can easily exploited to fill memory with garbage, u...
Redhat Jboss Wildfly Application Server 11.0.0
Redhat Jboss Wildfly Application Server
4.3
CVSSv2
CVE-2020-14340
A vulnerability exists in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the malicious user to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 up to and including 3.8.1.Final.
Redhat Xnio
Redhat Xnio 3.6.0
Redhat Jboss Operations Network 3.0
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Fuse 6.0.0
Redhat Jboss Enterprise Application Platform 5.0.0
Redhat Jboss Fuse 7.0.0
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Brms 5
Redhat Jboss Soa Platform 5
Redhat Jboss Brms 6
Redhat Jboss Data Grid 6.0.0
Redhat Jboss Data Virtualization 6.0.0
Oracle Communications Cloud Native Core Network Repository Function 1.14.0
Oracle Communications Cloud Native Core Policy 1.14.0
Oracle Communications Cloud Native Core Unified Data Repository 1.14.0
Oracle Communications Cloud Native Core Service Communication Proxy 1.14.0
Oracle Communications Cloud Native Core Security Edge Protection Proxy 1.15.0
Oracle Communications Cloud Native Core Console 1.9.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27842
CVE-2024-30657
CVE-2024-4534
hardcoded
SSRF
CVE-2024-21683
CVE-2024-5364
file upload
CVE-2024-5371
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »