Vulmon
jolokia vulnerabilities and exploits
NA
CVE-2024-32114
In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with th...
NA
CVE-2022-41678
Once a user is authenticated on Jolokia, he can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to cr...
Apache Activemq
NA
CVE-2023-31444
In Talend Studio prior to 7.3.1-R2022-10 and 8.x prior to 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.
Talend Studio
570
VMScore
CVE-2021-40684
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or...
Talend Esb Runtime
570
VMScore
CVE-2019-12124
An issue exists in ONAP APPC before Dublin. By using an exposed unprotected Jolokia interface, an unauthenticated attacker can read or overwrite an arbitrary file. All APPC setups are affected.
Onap Open Network Automation Platform
605
VMScore
CVE-2018-10899
A flaw was found in Jolokia versions from 1.2 to prior to 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack.
Jolokia Jolokia
Redhat Openstack 13
605
VMScore
CVE-2015-5182
Cross-site request forgery (CSRF) vulnerability in the jolokia API in A-MQ.
Redhat Amq -
605
VMScore
CVE-2014-0168
Cross-site request forgery (CSRF) vulnerability in Jolokia prior to 1.2.1 allows remote malicious users to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
Jolokia Jolokia 1.0.2
Jolokia Jolokia 1.0.1
Jolokia Jolokia 1.0.0
Jolokia Jolokia 1.1.5
Jolokia Jolokia 1.1.0
Jolokia Jolokia 1.0.5
Jolokia Jolokia 1.0.3
Jolokia Jolokia 1.1.4
Jolokia Jolokia 1.1.3
Jolokia Jolokia 1.1.2
Jolokia Jolokia 1.1.1
Jolokia Jolokia
Jolokia Jolokia 1.0.6
Jolokia Jolokia 1.0.4