Redhat

Jboss Fuse

43 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2020-1718

  • EPSS 0.37%
  • Published 12.05.2020 21:15:11
  • Last modified 21.11.2024 05:11:13

A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application.

8.1

CVE-2020-1757

  • EPSS 0.46%
  • Published 21.04.2020 17:15:12
  • Last modified 21.11.2024 05:11:19

A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the ...

9.1

CVE-2019-14887

  • EPSS 0.18%
  • Published 16.03.2020 15:15:12
  • Last modified 21.11.2024 04:27:36

A flaw was found when an OpenSSL security provider is used with Wildfly, the 'enabled-protocols' value in the Wildfly configuration isn't honored. An attacker could target the traffic sent from Wildfly and downgrade the connection to a weaker version...

9.8

CVE-2019-14892

  • EPSS 0.87%
  • Published 02.03.2020 17:15:17
  • Last modified 21.11.2024 04:27:37

A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to ex...

7.5

CVE-2019-14888

  • EPSS 0.24%
  • Published 23.01.2020 17:15:11
  • Last modified 21.11.2024 04:27:36

A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. An attacker can target the HTTPS port to carry out a Denial Of Service (DOS) to make the service unavailable on SSL.

4.3

CVE-2019-14820

  • EPSS 0.31%
  • Published 08.01.2020 15:15:11
  • Last modified 21.11.2024 04:27:25

It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. This vulnerability could allow an attacker to access unauthorized informa...

6.1

CVE-2016-1000229

  • EPSS 4.85%
  • Published 20.12.2019 14:15:11
  • Last modified 21.11.2024 02:43:01

swagger-ui has XSS in key names

7.5

CVE-2019-10172

Media report
  • EPSS 0.57%
  • Published 18.11.2019 17:15:11
  • Last modified 21.11.2024 04:18:34

A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. XML external entity vulnerabilities similar CVE-2016-3720 also affects codehaus jackson-mapper-asl libraries but in different classes.

9.8

CVE-2019-10212

  • EPSS 0.29%
  • Published 02.10.2019 19:15:11
  • Last modified 21.11.2024 04:18:39

A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. If enabled, an attacker could abuse this flaw to obtain the user's credentials from the log files.

4

CVE-2015-7559

  • EPSS 0.09%
  • Published 01.08.2019 14:15:10
  • Last modified 21.11.2024 02:36:58

It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client.