Redhat

Jboss Operations Network

24 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2021-4104

  • EPSS 72.2%
  • Veröffentlicht 14.12.2021 12:15:12
  • Zuletzt bearbeitet 21.11.2024 06:36:54

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppen...

5.9

CVE-2020-14340

  • EPSS 0.31%
  • Veröffentlicht 02.06.2021 13:15:08
  • Zuletzt bearbeitet 21.11.2024 05:03:02

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 t...

7.5

CVE-2012-5626

  • EPSS 0.18%
  • Veröffentlicht 23.01.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 01:44:59

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores role...

6.5

CVE-2008-5083

  • EPSS 0.33%
  • Veröffentlicht 08.11.2019 00:15:10
  • Zuletzt bearbeitet 21.11.2024 00:53:14

In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.

7.1

CVE-2013-4374

  • EPSS 0.1%
  • Veröffentlicht 04.11.2019 22:15:10
  • Zuletzt bearbeitet 21.11.2024 01:55:26

An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.

8

CVE-2010-0737

  • EPSS 0.14%
  • Veröffentlicht 30.10.2019 23:15:09
  • Zuletzt bearbeitet 21.11.2024 01:12:51

A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator u...

7.3

CVE-2019-3834

  • EPSS 0.33%
  • Veröffentlicht 03.10.2019 14:15:11
  • Zuletzt bearbeitet 21.11.2024 04:42:38

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader propertie...

10

CVE-2015-7501

  • EPSS 71.46%
  • Veröffentlicht 09.11.2017 17:29:00
  • Zuletzt bearbeitet 20.04.2025 01:37:25

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x...

9.8

CVE-2016-6330

  • EPSS 10.01%
  • Veröffentlicht 27.09.2016 15:59:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. N...

8.8

CVE-2016-5422

  • EPSS 0.74%
  • Veröffentlicht 07.09.2016 19:28:03
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.