Redhat

Jboss Enterprise Brms Platform

24 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5

CVE-2013-4210

  • EPSS 1.27%
  • Published 01.10.2013 17:55:03
  • Last modified 11.04.2025 00:51:21

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of s...

5

CVE-2011-1483

  • EPSS 1.37%
  • Published 29.07.2013 13:59:54
  • Last modified 11.04.2025 00:51:21

wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communicat...

7.5

CVE-2013-2165

  • EPSS 25.71%
  • Published 23.07.2013 11:03:11
  • Last modified 11.04.2025 00:51:21

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0...

4.9

CVE-2012-5478

  • EPSS 0.52%
  • Published 05.02.2013 23:55:01
  • Last modified 11.04.2025 00:51:21

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated ...

5.8

CVE-2012-3370

  • EPSS 1.67%
  • Published 05.02.2013 23:55:01
  • Last modified 11.04.2025 00:51:21

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a s...

4

CVE-2012-3369

  • EPSS 1.31%
  • Published 05.02.2013 23:55:01
  • Last modified 11.04.2025 00:51:21

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via ...

6.8

CVE-2012-0874

  • EPSS 62.56%
  • Published 05.02.2013 23:55:01
  • Last modified 11.04.2025 00:51:21

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentica...

2.1

CVE-2012-0034

  • EPSS 0.07%
  • Published 05.02.2013 23:55:01
  • Last modified 11.04.2025 00:51:21

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows l...

4.3

CVE-2011-4575

  • EPSS 1.27%
  • Published 05.02.2013 23:55:01
  • Last modified 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbi...

3.3

CVE-2012-2377

  • EPSS 0.99%
  • Published 23.11.2012 20:55:02
  • Last modified 11.04.2025 00:51:21

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent ...