101 matches found
Apache Struts ClassLoader Manipulation Vulnerabilities (S2-021) - Linux
ClassLoader Manipulation in Apache Struts allows remote attackers to execute arbitrary Java code. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective...
IBM WebSphere Application Server Code Execution Vulnerability (CNVD-2018-26213)
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A code execution vulnerability exists in IBM WAS, which can ...
CVE-2018-1904
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533...
Code injection
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533...
Security Bulletin: Content Collector for Email is affected by java deserialization vulnerability resulting in execution of untrusted data via the application server's SOAP port
Summary: Content Collector for Email has addressed the following vulnerability. IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. Vulnerability Details: CVEID: CVE-2018-1567...
Code injection
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024...
Remote Code Execution (RCE)
apache-cassandra is vulnerable to remote code execution (RCE) attacks. The library binds unauthenticated Remote Method Invocation (RMI) interfaces to all network interfaces, allowing a malicious user to invoke an RMI request to inject and execute arbitrary Java code. This is a regression of...
CVE-2018-12533
JBoss RichFaces 3.1.0 through 3.3.4 allows unauthenticated remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via a /DATA/ substring in a path with an org.richfaces.renderkit.html.Paint2DResource$ImageData object, aka RF-14310...
CVE-2018-12532
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...
JBoss RichFaces Arbitrary Java Code Execution Vulnerability (CNVD-2018-11847)
Red Hat JBoss RichFaces is an open source JSF (JavaServer Faces) component library from Red Hat, Inc. of the United States. The library provides built-in JavaScript and Ajax functionality. A security vulnerability exists in Red Hat JBoss RichFaces versions 4.5.3 through 4.5.17. A remote attack...
CVE-2018-12532
JBoss RichFaces 4.5.3 through 4.5.17 allows unauthenticated remote attackers to inject an arbitrary expression language (EL) variable mapper and execute arbitrary Java code via a MediaOutputResource's resource request, aka RF-14309...
Security Bulletin: Code execution vulnerability in IBM MessageSight (CVE-2016-5983)
Summary: There is a potential code execution vulnerability in WebSphere Application Server Liberty Profile used by IBM MessageSight. Vulnerability Details: CVEID: CVE-2016-5983 DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized...
Security Bulletin: Multiple security vulnerabilities has been identified in Websphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2016-0378, CVE-2016-3040, CVE-2016-5986, CVE-2016-5983)
Summary: Websphere Application Server - Liberty profile is shipped as a component of IBM Operations Analytics - Log Analysis. Information about a cross-site scripting vulnerability affecting Websphere Application Server has been published in a security bulletin. Vulnerability Details: CVEID:...
Security Bulletin: Vulnerabilities exist in Watson Explorer Analytical Components, Watson Explorer Annotation Administration Console, and Watson Content Analytics
Summary: Security vulnerabilities have been identified in IBM Watson Explorer Analytical Components, Watson Explorer Foundational Components Annotation Administration Console, and IBM Watson Content Analytics. Vulnerability Details: CVEID: CVE-2016-5986 DESCRIPTION: IBM WebSphere Application Server...
Security Bulletin: IBM WebSphere deserialization of untrusted data in IBM eDiscovery Manager
Summary: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources. Vulnerability Details: CVEID: CVE-2016-5983 DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java cod...
Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2016-5573, CVE-2016-5597, CVE-2016-5983)
Summary: There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM SDK for Java updates in October 2016. These may affect some configurations of IBM WebSphere Application Server...
Remote code execution
H2 1.4.197, as used in Datomic before 0.9.5697 and other products, allows remote code execution because CREATE ALIAS can execute arbitrary Java code. NOTE: the vendor's position is "h2 is not designed to be run outside of a secure environment."...
CVE-2018-1000130
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...
Remote Code Execution (RCE)
jolokia-jsr160 is vulnerable to remote code execution (RCE) attacks. The application does not restrict access to the server in proxy mode, allowing a malicious user to inject and execute arbitrary Java code...
Design/Logic Flaw
A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server...