Redhat

Jboss Enterprise Application Platform

238 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2019-3894

  • EPSS 1.23%
  • Veröffentlicht 03.05.2019 20:29:01
  • Zuletzt bearbeitet 21.11.2024 04:42:48

It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could all...

5.4

CVE-2018-10934

  • EPSS 0.44%
  • Veröffentlicht 27.03.2019 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:20

A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this to attack other privileged users.

7.5

CVE-2018-12022

  • EPSS 2.93%
  • Veröffentlicht 21.03.2019 16:00:12
  • Zuletzt bearbeitet 21.11.2024 03:44:25

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in ...

7.5

CVE-2018-12023

  • EPSS 4.66%
  • Veröffentlicht 21.03.2019 16:00:12
  • Zuletzt bearbeitet 21.11.2024 03:44:26

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provid...

9.8

CVE-2018-14720

  • EPSS 2.52%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.

10

CVE-2018-14721

  • EPSS 5.93%
  • Veröffentlicht 02.01.2019 18:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:40

FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic deserialization.

5.3

CVE-2018-14642

  • EPSS 0.75%
  • Veröffentlicht 18.09.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:49:29

An information leak vulnerability was found in Undertow. If all headers are not written out in the first write() call then the code that handles flushing the buffer will always write out the full contents of the writevBuffer buffer, which may contain...

7.8

CVE-2016-7066

  • EPSS 0.03%
  • Veröffentlicht 11.09.2018 14:29:00
  • Zuletzt bearbeitet 21.11.2024 02:57:23

It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.

6.5

CVE-2016-7061

  • EPSS 0.59%
  • Veröffentlicht 10.09.2018 16:29:00
  • Zuletzt bearbeitet 21.11.2024 02:57:22

An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive infor...

7.5

CVE-2018-1000632

Exploit
  • EPSS 1.61%
  • Veröffentlicht 20.08.2018 19:31:31
  • Zuletzt bearbeitet 21.11.2024 03:40:16

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be explo...