
27 matches found

RedhatCVE
added 2025/05/22 5:38 a.m., 4 views

CVE-2017-10992

In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461...

CVSS 10, AI score 9.6, EPSS 0.02863
Exploits 1, References 1
BDU FSTEC
added 2022/11/02 12:0 a.m., 1 views

The vulnerability of the McAfee Web Reporter Premium anti-virus software arises from insufficient restrictions on access to the invoker/EJBInvokerServlet and invoker/JMXInvokerServlet servers. This allows attackers to execute arbitrary Java code.

The vulnerability of the McAfee Web Reporter Premium antivirus software exists due to insufficient restrictions on access to the invoker/EJBInvokerServlet and invoker/JMXInvokerServlet servers. Exploiting this vulnerability allows a malicious actor to execute arbitrary Java code by sending...

CVSS 8.8, AI score 5.9
Exploits 0, References 1
Github Security Blog
added 2022/04/30 6:21 p.m., 25 views

Apache Tomcat Source Code Disclosure

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

CVSS 7.5, AI score 6.6, EPSS 0.05353
Exploits 0, References 13, Affected Software 1
OSV
added 2022/04/30 6:21 p.m., 18 views

GHSA-8V5P-2CPV-C2X6 Apache Tomcat Source Code Disclosure

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...

CVSS 7.5, AI score 6.4, EPSS 0.05353
Exploits 0, References 12
BDU FSTEC
added 2021/12/09 12:0 a.m., 2 views

The vulnerability of the Invoker Servlet component in SAP NetWeaver Java Application Server allows a perpetrator to execute arbitrary code or gain full control over the system.

The vulnerability of the Invoker Servlet component in SAP NetWeaver Java Application Server is related to deficiencies in the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code or gain full control over the system through specially crafted HTTP or...

CVSS 10, AI score 8.5, EPSS 0.13179
Exploits 0, References 7, Affected Software 1
CISA KEV Catalog
added 2021/11/03 12:0 a.m., 22 views

SAP NetWeaver Remote Code Execution Vulnerability

SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request...

CVSS 10, AI score 9.5, EPSS 0.13179
In wild, Exploits 0
Tenable Nessus
added 2021/04/09 12:0 a.m., 171 views

SAP NetWeaver AS Java Invoker Servlet Code Execution (1445998)

SAP Netweaver Application Server Java versions before 7.30 are potentially affected by a code execution vulnerability in the invoker servlet. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. (C) Tenable Network Security,...

CVSS 10, AI score 9.2, EPSS 0.13179
Exploits 0, References 2
VulnCheck KEV
added 2018/03/28 12:0 a.m., 0 views

VulnCheck KEV: CVE-2012-0874

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which...

CVSS 6.8, AI score 6.6, EPSS 0.5129
Exploits 1, References 1
seebug.org
added 2016/11/29 12:0 a.m., 22 views

Red Hat JBoss EAP - Deserialization of Untrusted Data

1.Abstract. JBoss EAP's JMX Invoker Servlet is exposed by default on port 8080/TCP. The communication employs serialized Java objects, encapsulated in HTTP requests and responses. The server deserializes these objects without checking the object type. This behavior can be exploited to cause a...

AI score 7.7
Exploits 0
Exploit DB
added 2016/11/28 12:0 a.m., 215 views

Red Hat JBoss EAP - Deserialization of Untrusted Data

Security Advisory @ Mediaservice.net Srl 05, 23/11/2016 Data Security Division Title: Red Hat JBoss EAP deserialization of untrusted data Application: JBoss EAP 5.2.X and prior versions Description: The application server deserializes untrusted data via the JMX Invoker Servlet. This can lead to a...

CVSS 8.8, AI score 8.8, EPSS 0.12098
Exploits 3
exploitpack
added 2016/11/28 12:0 a.m., 38 views

Red Hat JBoss EAP - Deserialization of Untrusted Data

Red Hat JBoss EAP - Deserialization of Untrusted Data Security Advisory @ Mediaservice.net Srl 05, 23/11/2016 Data Security Division Title: Red Hat JBoss EAP deserialization of untrusted data Application: JBoss EAP 5.2.X and prior versions Description: The application server deserializes untruste...

CVSS 6.5, AI score 0.6, EPSS 0.12098
Exploits 3
CNVD
added 2016/05/17 12:0 a.m., 1 views

SAP NetWeaver Application Server Invoker Servlet Arbitrary Code Execution Vulnerability

SAP NetWeaver is SAP's integrated service-oriented application platform that provides a development and runtime environment for SAP applications. SAP NetWeaver Application Server AS Java is an application server that runs on NetWeaver and is based on the Java programming language. SAP NetWeaver...

CVSS 10, AI score 9.1, EPSS 0.13179
Exploits 0, References 1
CVE
added 2016/05/13 10:0 a.m., 1088 views

CVE-2010-5326

The CVE-2010-5326 issue affects SAP NetWeaver Application Server Java, specifically the Invoker Servlet, and is exploitable without authentication. Affected are SAP NetWeaver AS Java platforms possibly older than version 7.3, where an unauthenticated HTTP/HTTPS request can trigger remote code exe...

CVSS 10, AI score 9.8, EPSS 0.13179
In wild, Exploits 0, References 7, Affected Software 1
Vulnrichment
added 2016/05/13 10:0 a.m., 14 views

CVE-2010-5326

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack...

AI score 8.1, EPSS 0.13179
Exploits 0, References 6
Cvelist
added 2016/05/13 10:0 a.m., 34 views

CVE-2010-5326

The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack...

AI score 9.9, EPSS 0.13179
Exploits 0, References 6
VulnCheck KEV
added 2016/05/13 12:0 a.m., 1 views

VulnCheck KEV: CVE-2010-5326

SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request...

CVSS 10, AI score 8, EPSS 0.13179
Exploits 0, References 1
VulnCheck KEV
added 2016/03/25 12:0 a.m., 1 views

VulnCheck KEV: CVE-2013-4810

HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet...

CVSS 10, AI score 6.4, EPSS 0.89695
Exploits 37, References 1
RedHat Linux
added 2015/04/21 10:52 a.m., 2 views

RHQ: ServerInvokerServlet remote code exec

It was discovered that the JBoss Operations Network server did not correctly restrict access to certain remote APIs. A remote, unauthenticated attacker could use this flaw to execute arbitrary Java methods via ServerInvokerServlet or SchedulerService, and possibly exhaust all available disk space...

CVSS 9, AI score 6.1, EPSS 0.00554
Exploits 0, References 4
Prion
added 2013/02/05 11:55 p.m., 24 views

Design/Logic Flaw

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

CVSS 6.8, AI score 8.2, EPSS 0.5129
Exploits 1, References 18, Affected Software 3
RedHat Linux
added 2013/01/31 7:31 p.m., 3 views

JBoss invoker servlets do not require authentication

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow...

CVSS 6.8, AI score 6.6, EPSS 0.5129
Exploits 1, References 4