Lucene search
+L

99 matches found

Prion
Prion
added 2020/03/26 1:15 p.m.15 views

Cross site scripting

RSA Authentication Manager versions prior to 8.4 P10 contain a stored cross-site scripting vulnerability in the Security Console. A malicious RSA Authentication Manager Security Console administrator with advanced privileges could exploit this vulnerability to store arbitrary HTML or JavaScript...

3.5CVSS4.9AI score0.00669EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2020/01/31 3:9 p.m.26 views

CVE-2020-1719

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity...

5.5CVSS2.3AI score0.00575EPSS
Exploits0References3
Prion
Prion
added 2020/01/02 8:15 p.m.23 views

Sql injection

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an...

4CVSS6.8AI score0.00776EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/01/02 7:9 p.m.99 views

CVE-2014-0169

CVE-2014-0169 affects JBoss EAP 6: a security domain uses a cache shared across all applications in the domain, enabling an authenticated user from one application to access resources in another without proper authorization. Root cause cited as lack of clear documentation on cache isolation betwe...

6.5CVSS6.3AI score0.00776EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/01/02 7:9 p.m.30 views

CVE-2014-0169

In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an...

6.3AI score0.00776EPSS
Exploits0References2
myhack58
myhack58
added 2019/05/20 12:0 a.m.144 views

Intel official for 5 on 15, the aeration out of the CPU side channel vulnerabilities“ZombieLoad”detailed technical analysis of under-vulnerability warning-the black bar safety net

Buffer override of the program sequence In the absence of enumeration MDCLEAR functions of the processor, certain instruction sequences can be used for cover by the MDS affect the buffer. You can point this, a detailed review of these sequences. Different processors may require different sequence...

Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/03/06 8:50 p.m.21 views

Security Bulletin: Potential Privilege escalation vulnerability in WebSphere Application Server (CVE-2018-1840)

Summary There is a potential privilege elevation vulnerability in WebSphere Application Server after migration from WebSphere Application Server Version 8 when a security domain is configured to use a federated repository other than global federated repository. Vulnerability Details CVEID:...

8.1CVSS0.6AI score0.02138EPSS
Exploits0Affected Software1
Veracode
Veracode
added 2019/01/15 9:4 a.m.33 views

Authorization Bypass

jboss-as-security is vulnerable to authorization bypass attacks. The vulnerability exists as the org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform EAP before 6.3.3 uses the default security domain when a securi...

3.5CVSS5.8AI score0.01739EPSS
Exploits0References36Affected Software89
CNVD
CNVD
added 2019/01/10 12:0 a.m.6 views

CloudBees Jenkins and LTS Denial of Service Vulnerability (CNVD-2020-20409)

CloudBees Jenkins formerly known as Hudson Labs is a Java-based continuous integration tool from CloudBees, Inc. It is mainly used to monitor ongoing software releases/testing projects and a number of timed tasks.LTS Long-Term Support is a long-supported version of CloudBees Jenkins a long-term...

6.5CVSS6.4AI score0.0147EPSS
Exploits3References1
OSV
OSV
added 2018/12/03 3:29 p.m.1 views

CVE-2018-1840

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application...

8.1CVSS5.8AI score0.02138EPSS
Exploits0References3
Prion
Prion
added 2018/12/03 3:29 p.m.10 views

Code injection

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application...

6.8CVSS8AI score0.02138EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2018/12/03 3:0 p.m.19 views

CVE-2018-1840

IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to gain elevated privileges on the system, caused when a security domain is configured to use a federated repository other than global federated repository and then migrated to a newer release of WebSphere Application...

6CVSS8.1AI score0.02138EPSS
Exploits0References3
Cvelist
Cvelist
added 2018/04/11 3:0 p.m.26 views

CVE-2017-18129

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9206, MDM9607, SD 845, MSM8996, MSM8998, it is possible for IPA internet protocol accelerator channels owned by one security domain to be controlled from other domains...

9.7AI score0.01323EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2015/06/18 12:0 a.m.29 views

Amazon Linux AMI : ruby20 (ALAS-2015-547)

RubyGems provides the ability of a domain to direct clients to a separate host that is used to fetch gems and make API calls against. This mechanism is implemented via DNS, specificly a SRV record rubygems.tcp under the original requested domain. RubyGems did not validate the hostname returned in...

5CVSS7.8AI score0.08934EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/30 4:9 p.m.6 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

4CVSS5.8AI score0.0124EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/16 4:2 p.m.5 views

Security: Wrong security context loaded when using SAML2 STS Login Module

It was found that when processing undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if it was available. A user with valid credentials in the defined default domain, with a role that is valid in the...

3.5CVSS5.7AI score0.01739EPSS
Exploits0References4
NVD
NVD
added 2015/02/13 3:59 p.m.26 views

CVE-2014-7853

The JBoss Application Server WildFly JacORB subsystem in Red Hat JBoss Enterprise Application Platform EAP before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information ...

4CVSS5.7AI score0.0124EPSS
Exploits0References7
Cvelist
Cvelist
added 2015/02/13 3:0 p.m.33 views

CVE-2014-7853

The JBoss Application Server WildFly JacORB subsystem in Red Hat JBoss Enterprise Application Platform EAP before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information ...

5.6AI score0.0124EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2015/02/11 8:36 p.m.6 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

4CVSS5.8AI score0.0124EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/02/11 8:18 p.m.4 views

Subsystem: Information disclosure via incorrect sensitivity classification of attribute

It was discovered that the JBoss Application Server WildFly JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref...

4CVSS5.8AI score0.0124EPSS
Exploits0References4
Rows per page
Query Builder