Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat jboss a-mq 7 vulnerabilities and exploits
(subscribe to this query)
5.6
CVSSv3
CVE-2020-14379
A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure.
Redhat Jboss A-mq 7
2.1
CVSSv2
CVE-2021-3425
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Versions shipped in Red Hat AMQ 7 are vulnerable.
Redhat Jboss A-mq 7
5.5
CVSSv3
CVE-2023-4065
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local malicious user to access information outside of their permissions.
Redhat Jboss A-mq 7
Redhat Jboss Middleware 1
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
5.5
CVSSv3
CVE-2023-4066
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.
Redhat Jboss A-mq 7
Redhat Jboss Middleware 1
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
6.5
CVSSv3
CVE-2023-1664
A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be v...
* Keycloak
Redhat Build Of Quarkus -
Redhat Jboss A-mq 7
Redhat Keycloak -
Redhat Migration Toolkit For Runtimes -
Redhat Single Sign-on 7.0
7.5
CVSSv3
CVE-2022-1278
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
Redhat Wildfly
Redhat Amq 2.0
Redhat Amq Online -
Redhat Integration Camel K -
Redhat Integration Service Registry -
Redhat Jboss A-mq 7
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Single Sign-on 7.0
3.5
CVSSv2
CVE-2021-3536
A flaw was found in Wildfly in versions prior to 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity.
Redhat Build Of Quarkus -
Redhat Data Grid 8.0
Redhat Descision Manager 7.0
Redhat Integration Camel K -
Redhat Integration Camel Quarkus -
Redhat Integration Service Registry -
Redhat Jboss A-mq 7
Redhat Jboss Enterprise Application Platform 7.0
Redhat Wildfly
6
CVSSv2
CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests t...
Apache Log4j 1.2
Fedoraproject Fedora 35
Redhat Codeready Studio 12.0
Redhat Integration Camel K -
Redhat Integration Camel Quarkus -
Redhat Jboss A-mq 6.0.0
Redhat Jboss A-mq 7
Redhat Jboss A-mq Streaming -
Redhat Jboss Data Grid 7.0.0
Redhat Jboss Data Virtualization 6.0.0
Redhat Jboss Enterprise Application Platform 6.0.0
Redhat Jboss Enterprise Application Platform 7.0
9 Github repositories
6.4
CVSSv2
CVE-2017-2666
It exists in Undertow that the code that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manip...
Redhat Undertow -
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform 7.1.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
5.1
CVSSv2
CVE-2018-12022
An issue exists in FasterXML jackson-databind before 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provi...
Fasterxml Jackson-databind
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Retail Merchandising System 15.0
Redhat Automation Manager 7.3.1
Redhat Decision Manager 7.3.1
Redhat Jboss Brms 6.4.10
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Openshift Container Platform 3.11
Redhat Single Sign-on 7.3
Preferred Score:
CVSSv2
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
apache atlas
wp html page sitemap
inject
everest forms
CVE-2025-25356
CVE-2024-47264
cross-site scripting
CVE-2025-0837
CVE-2025-25286
*
CVE-2024-12754
arbitrary code
CVE-2025-24472
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »