Lucene search
+L

148 matches found

Cvelist
Cvelist
added 2025/07/21 9:30 a.m.10 views

CVE-2025-49656 Apache Jena: Administrative users can create files outside the server directory space via the admin UI

Users with administrator access can create databases files outside the files area of the Fuseki server. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which fixes the issue...

0.01401EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/21 12:0 a.m.6 views

PT-2025-30257 · Apache +1 · Fuseki +2

Name of the Vulnerable Software and Affected Versions: Apache Jena versions prior to 5.5.0 Description: Users with administrator access can create database files outside the designated files area of the Fuseki server. Recommendations: Upgrade to version 5.5.0...

7.5CVSS6.2AI score0.01401EPSS
Exploits0References19
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.5 views

Apache Jena 安全漏洞

Apache Jena is the Apache Software Foundation's Semantic Web framework for building and processing RDF data. A path traversal vulnerability exists in Apache Jena 5.4.0 and earlier versions, which originates from a user with administrator privileges being able to create database files outside of t...

7.5CVSS6.6AI score0.01401EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/21 12:0 a.m.5 views

Apache Jena 安全漏洞

Apache Jena is the Apache Software Foundation's open source Java framework for building semantic web and linked data applications. A file path validation vulnerability exists in Apache Jena 5.4.0 and earlier versions, which stems from a failure to validate file access paths in configuration files...

8.8CVSS6.8AI score0.00937EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/21 12:0 a.m.1 views

PT-2025-30258 · Apache +1 · Apache Jena +1

Name of the Vulnerable Software and Affected Versions: Apache Jena versions up to 5.4.0 Description: The application does not validate file access paths within configuration files uploaded by users possessing administrator privileges. This could allow for unauthorized access or manipulation of...

8.8CVSS6.5AI score0.00937EPSS
Exploits0References18
RedhatCVE
RedhatCVE
added 2025/05/23 5:10 a.m.10 views

CVE-2023-32200

There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a SPARQL query. This issue affects Apache Jena: from 3.7.0 through 4.8.0...

8.8CVSS7AI score0.01473EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:15 a.m.4 views

CVE-2023-22665

There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query...

5.4CVSS7.4AI score0.01324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:51 a.m.11 views

CVE-2022-45136

Apache Jena SDB 3.17.0 and earlier is vulnerable to a JDBC Deserialisation attack if the attacker is able to control the JDBC URL used or cause the underlying database server to return malicious data. The mySQL JDBC driver in particular is known to be vulnerable to this class of attack. As a resu...

9.8CVSS6.6AI score0.01525EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:43 p.m.11 views

CVE-2022-28890

A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities...

9.8CVSS6.7AI score0.0247EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:44 p.m.4 views

CVE-2021-39239

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities XXE, including exposing the contents of local files to a remote server...

7.5CVSS7.2AI score0.04306EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:38 p.m.9 views

CVE-2021-33192

A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 inclusive...

6.1CVSS7.2AI score0.02881EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2023-22665

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute...

5.4CVSS7AI score0.01324EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2023-32200

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is insufficient restrictions of called script functions in Apache Jena versions 4.8.0 and earlier. It allows a remote user to execute javascript via a...

8.8CVSS7.2AI score0.01473EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/13 8:49 a.m.27 views

Security Bulletin: IBM Engineering Lifecycle Management is impacted by vulnerabilities in Apache Jena

Summary A vulnerability has been identified in Apache Jena - jena-core-2.7.1.jar, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2021-39239 DESCRIPTION: Apache...

9.8CVSS6.7AI score0.04306EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/28 8:59 a.m.41 views

Security Bulletin: IBM Integration Bus is vulnerable to a local attacker due to Apache Jena (CVE-2023-32200)

Summary First time Integration node startup, following version to version migration, is vulnerable to allowing a local attacker to execute arbitrary code due Apache Jena in IBM Integration Bus. CVE-2023-32200 Vulnerability Details CVEID: CVE-2023-32200 DESCRIPTION: Apache Jena could allow a remot...

8.8CVSS7.2AI score0.01473EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/11/17 11:49 p.m.65 views

Security Bulletin: IBM Storage Protect for Virtual Environments is vulnerable to arbitrary code execution, sensitive information disclosure, and denial of service due to CVEs in Apache Velocity, Apache Jena, and XStream (woodstox)

Summary IBM Storage Protect for Virtual Environments Data Protection for VMware and Data Protection for Hyper-V can be affected by security flaws in Apache Velocity, Apache Jena, and XStream woodstox. The flaws can lead to arbitrary code execution, sensitive information disclosure, and denial of...

9.8CVSS9.7AI score0.22709EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 8:15 a.m.46 views

Security Bulletin: Vulnerability in Apache Jena-arq library affects IBM Engineering Lifecycle Optimization - Publishing

Summary IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena-arq Vulnerability Details CVEID:CVE-2023-22665 DESCRIPTION: Apache Jena could allow a remote attacker to execute arbitrary code on the system, caused by improper checking of user querie...

5.4CVSS6.3AI score0.01324EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 8:11 a.m.45 views

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena Core

Summary BM Engineering Lifecycle Optimization - Publishing is vulnerable to a remote attack due to Apache Jena Core Vulnerability Details CVEID:CVE-2021-39239 DESCRIPTION: Apache Jena could allow a remote attacker to obtain sensitive information, caused by improper handling of XML external entity...

9.8CVSS8.4AI score0.04306EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/10/04 7:46 a.m.42 views

Security Bulletin: IBM Jazz Reporting Service is vulnerable to XML external entity (XXE) attacks due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0 (CVE-2021-39239)

Summary IBM Jazz Reporting Service is vulnerable to CVE-2021-39239 due to a vulnerability in XML processing in Apache Jena, in versions up to 4.1.0. Apache Jena is used by IBM Jazz Reporting Service for working with RDF models. The fix disables external entity processing in calls made to the...

9.8CVSS8.7AI score0.04306EPSS
Exploits0Affected Software1
CNVD
CNVD
added 2023/07/14 12:0 a.m.37 views

Apache Jena Code Execution Vulnerability

Apache Jena is the United States Apache Apache Foundation of a Java Semantic Web framework. Used to build semantic Web and linked data applications. Apache Jena suffers from a code execution vulnerability that stems from insufficient restrictions on called script functions. An attacker can exploi...

8.8CVSS7.6AI score0.01473EPSS
Exploits0References1
Rows per page
Query Builder