48 matches found
EUVD-2016-0794
Malware in sbrugna...
EUVD-2022-1105
Malicious code in bioql PyPI...
EUVD-2022-0901
Malicious code in bioql PyPI...
EUVD-2022-3769
Malicious code in bioql PyPI...
CVE-2020-13931
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...
GHSA-FG44-W3FR-HGXV Apache TomEE console vulnerable to Cross-site Scripting
The Apache TomEE console tomee-webapp has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This...
Apache TomEE console vulnerable to Cross-site Scripting
The Apache TomEE console tomee-webapp has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This...
GHSA-836G-5FR5-FGCR Missing Authentication for Critical Function in Apache TomEE
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 -...
Missing Authentication for Critical Function in Apache TomEE
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 -...
GHSA-MP28-RQ7G-QX62 Remote code execution in Apache TomEE
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...
Remote code execution in Apache TomEE
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...
Apache TomEE JMX Vulnerability (CVE-2020-13931)
Apache TomEE is prone to a misconfiguration vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
Missing Authentication Due To Incorrect Configuration
Apache Tomee openejb-core has missing authentication. The vulnerability exists due to an incomplete fix of CVE-2020-11969 where when embedded ActiveMQ broker with URI setting useJMX=true is used, it causes JMX port to open on TCP port 1099, which does not include authentication...
CVE-2020-13931
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...
CVE-2020-13931
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...
Input validation
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...
Apache TomEE Authorization Issues Vulnerability
Apache TomEE is the United States Apache Software Apache Foundation of a lightweight Java EE application server . A security vulnerability exists in Apache TomEE versions 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5, which originates from the use of the embedded ActiveMQ proxy...
CVE-2020-13931
CVE-2020-13931 : Apache TomEE with embedded ActiveMQ broker and a misconfigured broker config can open a JMX port (TCP 1099) without authentication, for TomEE versions 8.0.0-M1–8.0.3, 7.1.0–7.1.3, 7.0.0-M1–7.0.8, and 1.0.0–1.7.5. This edge case was not covered by the prior fix for CVE-2020-11969,...
CVE-2020-13931
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...
Apache TomEE 授权问题漏洞
Apache TomEE is the United States Apache Software Apache Foundation of a lightweight Java EE application server . A security vulnerability exists in Apache TomEE versions 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5, which originates from the use of the embedded ActiveMQ proxy...