19 matches found
Security Bulletin: IBM Sterling Global Mailbox is vulnerable to arbitrary command execution due to com.ibm.ws.org.apache.commons.collections (CVE-2015-7501)
Summary A security vulnerability has been identified and addressed in com.ibm.ws.org.apache.commons.collections.3.2.1-1.0.9.jar shipped with IBM Sterling Global Mailbox. Vulnerability Details CVEID:CVE-2015-7501 DESCRIPTION: Red Hat JBoss A-MQ 6.x; BPM Suite BPMS 6.x; BRMS 6.x and 5.x; Data Grid...
Security Bulletin: IBM Resilient SOAR is Using Components with Known Vulnerabilities - activemq-camel-5.15.9.jar (CVE-2015-5182, CVE-2015-5183, CVE-2015-5184, CVE-2020-1941)
Summary activemq-camel-5.15.9.jar vulnerable to multiple CVEs. Details below. Vulnerability Details CVEID: CVE-2015-5182 DESCRIPTION: Red Hat JBoss A-MQ is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the jolokia API. By persuading an...
Deserialization of untrusted data
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain...
CVE-2016-8648
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain...
CVE-2016-8648
CVE-2016-8648 affects the Karaf container used by Red Hat JBoss Fuse 6.x and Red Hat JBoss A-MQ 6.x. The vulnerability arises from deserializing objects passed to MBeans via JMX operations, which could allow an attacker to execute remote code in the context of the JVM if deserialization gadgets e...
CVE-2016-8648
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain...
Moderate: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R7 security and bug fix update
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R4 security and bug fix update
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R2 security and bug fix update
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...
RedHat Jboss Fuse and Jboss A-MQ Denial of Service Vulnerabilities
Red Hat JBoss Fuse and JBoss A-MQ are both products of Red Hat's JBoss middleware.JBoss Fuse is an open source enterprise service bus platform.JBoss A-MQ is an open source messaging platform. A denial of service vulnerability exists in RedHat Jboss Fuse and Jboss A-MQ version 6. An attacker could...
Moderate: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.2.1 security and bug fix update
Red Hat JBoss Fuse and A-MQ 6.2.1 Rollup Patch 3, which fixes two security issues and includes several bug fixes and various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse 6.2.1 update
Red Hat JBoss Fuse 6.2.1, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...
Important: Red Hat Security Advisory: Red Hat JBoss A-MQ 6.2.1 update
Red Hat JBoss A-MQ 6.2.1, which fixes three security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...
Important: Red Hat Security Advisory: Red Hat JBoss A-MQ 6.2.0 update
Red Hat JBoss A-MQ 6.2.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores,...
Important: Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.1.0 security and bug fix update
Red Hat JBoss Fuse and A-MQ 6.1.0 Patch 3 on Rollup Patch 1 R1P3, which fixes two security issues and one bug, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base score...
Moderate: Red Hat Security Advisory: Red Hat JBoss A-MQ 6.1.0 update
Red Hat JBoss A-MQ 6.1.0, which fixes multiple security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS bas...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the 1 user field in the create user page or 2 profile version to the create...
CVE-2013-4372
Multiple cross-site scripting XSS vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the 1 user field in the create user page or 2 profile version to the create...
CVE-2013-4372
CVE-2013-4372: Stored XSS in the Fuse Management Console of Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3, exploitable via the user field on the create user page or the profile version on the create profile page. This can allow remote attackers to inject arbitrary we...