57 matches found
GHSA-V853-W46P-FV2H vulnerabilities
Vulnerabilities for packages: apache-tomee...
CVE-2026-45505 vulnerabilities
Vulnerabilities for packages: apache-tomee...
CVE-2026-42588 vulnerabilities
Vulnerabilities for packages: apache-tomee...
GHSA-HG6C-8MVR-JQC9 vulnerabilities
Vulnerabilities for packages: apache-tomee...
GHSA-HF52-78X8-6W3W vulnerabilities
Vulnerabilities for packages: apache-tomee...
CVE-2026-49270 vulnerabilities
Vulnerabilities for packages: apache-tomee...
EUVD-2016-0794
Malware in sbrugna...
EUVD-2022-1105
Malicious code in bioql PyPI...
EUVD-2022-0901
Malicious code in bioql PyPI...
EUVD-2022-3769
Malicious code in bioql PyPI...
CVE-2020-13931
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...
GHSA-FG44-W3FR-HGXV Apache TomEE console vulnerable to Cross-site Scripting
The Apache TomEE console tomee-webapp has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This...
Apache TomEE console vulnerable to Cross-site Scripting
The Apache TomEE console tomee-webapp has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE features to a Tomcat installation. The TomEE bundles do not ship with this application included. This...
GHSA-836G-5FR5-FGCR Missing Authentication for Critical Function in Apache TomEE
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 -...
Missing Authentication for Critical Function in Apache TomEE
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 -...
GHSA-MP28-RQ7G-QX62 Remote code execution in Apache TomEE
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...
Remote code execution in Apache TomEE
If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creatio...
The vulnerability of the Apache TomEE application server, related to authentication errors, allows attackers to escalate their privileges, execute arbitrary code, or cause service failures.
The vulnerability of the Apache TomEE application server is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to increase their privileges, execute arbitrary code, or cause service failures...
Apache TomEE JMX Vulnerability (CVE-2020-13931)
Apache TomEE is prone to a misconfiguration vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; yo...
Missing Authentication Due To Incorrect Configuration
Apache Tomee openejb-core has missing authentication. The vulnerability exists due to an incomplete fix of CVE-2020-11969 where when embedded ActiveMQ broker with URI setting useJMX=true is used, it causes JMX port to open on TCP port 1099, which does not include authentication...