99 matches found
Cross site scripting
RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript...
CVE-2020-1719
A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity...
Sql injection
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an...
CVE-2014-0169
CVE-2014-0169 affects JBoss EAP 6: a security domain uses a cache shared across all applications in the domain, enabling an authenticated user from one application to access resources in another without proper authorization. Root cause cited as lack of clear documentation on cache isolation betwe...
CVE-2014-0169
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an...
Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities“ZombieLoad”detailed technical analysis of under-vulnerability warning-the black bar safety net
Buffer override of the program sequence In the absence of enumeration MDCLEAR functions of the processor, certain instruction sequences can be used for cover by the MDS affect the buffer. You can point this, a detailed review of these sequences. Different processors may require different sequence...
Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840)
Summary There is a potential privilege elevation vulnerability in WebSphere Application Server after migration from WebSphere Application Server Version 8 when a security domain is configured to use a federated repository other than global federated repository. Vulnerability Details CVEID:...
Authorization Bypass
jboss-as-security is vulnerable to authorization bypass attacks. The vulnerability exists as the org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform EAP before 6.3.3 uses the default security domain when a securi...
CloudBees Jenkins and LTS Denial of Service Vulnerability (CNVD-2020-20409)
CloudBees Jenkins formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins a long-term...
CVE-2018-1840
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application...
Code injection
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application...
CVE-2018-1840
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application...
CVE-2017-18129
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA internet protocol accelerator channels owned by one security domain to be controlled from other domains...
Amazon Linux AMI : ruby20 (ALAS-2015-547)
RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the hostname returned in...
Subsystem: Information disclosure via incorrect sensitivity classification of attribute
It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...
Security: Wrong security context loaded when using SAML2 STS Login Module
It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...
CVE-2014-7853
The JBoss Application Server WildFly JacORB subsystem in Red Hat JBoss Enterprise Application Platform EAP before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information ...
CVE-2014-7853
The JBoss Application Server WildFly JacORB subsystem in Red Hat JBoss Enterprise Application Platform EAP before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information ...
Subsystem: Information disclosure via incorrect sensitivity classification of attribute
It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...
Subsystem: Information disclosure via incorrect sensitivity classification of attribute
It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...