
31 matches found

SUSE CVE · added 2023/02/15 5:50 a.m. · 4 views

SUSE CVE-2011-4085

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

CVSS 6.8 · AI score 9.6 · EPSS 0.00719
Exploits 30 · References 4
VulnCheck KEV · added 2016/03/25 12:00 a.m. · 0 views

VulnCheck KEV: CVE-2011-2908

Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests...

CVSS 6.0 · AI score 6.3 · EPSS 0.00717
Exploits 0 · References 1
NVD · added 2013/02/05 11:55 p.m. · 13 views

CVE-2011-4575

Cross-site scripting XSS vulnerability in the JMX console in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVSS 4.3 · AI score 5.5 · EPSS 0.01272
Exploits 0 · References 14
NVD · added 2013/02/05 11:55 p.m. · 24 views

CVE-2012-3369

The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...

CVSS 4.0 · AI score 6.8 · EPSS 0.0131
Exploits 0 · References 16
NVD · added 2013/02/05 11:55 p.m. · 17 views

CVE-2012-3370

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remot...

CVSS 5.8 · AI score 6.7 · EPSS 0.01673
Exploits 1 · References 17
Prion · added 2013/02/05 11:55 p.m. · 17 views

Input validation

The NonManagedConnectionFactory in JBoss Enterprise Application Platform EAP 5.1.2 and 5.2.0, Web Platform EWP 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...

CVSS 2.1 · AI score 6.2 · EPSS 0.00071
Exploits 1 · References 16 · Affected Software 3
CVE · added 2013/02/05 11:11 p.m. · 68 views

CVE-2012-3370

CVE-2012-3370 affects JBoss components (EAP, EWP, BRMS, SOA) prior to the stated versions, where SecurityAssociation.getCredential() returns the previous user’s credentials when no security context is provided, enabling remote privilege escalation to a different user. Red Hat advisories (RHSA/RHB...

CVSS 5.8 · AI score 5.7 · EPSS 0.01673
Exploits 1 · References 17 · Affected Software 1
CVE · added 2013/02/05 11:11 p.m. · 68 views

CVE-2012-0034

The CVE affects JBoss components where NonManagedConnectionFactory logs the username and password in cleartext during exception handling, risking local disclosure of credentials for EAP 5.1.2/5.2.0, EWP 5.1.2/5.2.0, and BRMS Platform before 5.3.1. Impact is limited to local confidentiality exposu...

CVSS 2.1 · AI score 5.2 · EPSS 0.00071
Exploits 1 · References 16 · Affected Software 1
CVE · added 2013/02/05 11:11 p.m. · 64 views

CVE-2011-4575

CVE-2011-4575 is an XSS vulnerability in the JMX Console of JBoss products (EAP before 5.2.0, EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1) allowing remote injection of script/HTML via unspecified vectors. Connected sources summarize the same CVE as an XSS flaw in t...

CVSS 4.3 · AI score 5.4 · EPSS 0.01272
Exploits 0 · References 14 · Affected Software 1
Positive Technologies · added 2013/02/05 12:00 a.m. · 1 views

PT-2013-1520 · Red Hat · Brms Platform +3

Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform EAP versions prior to 5.2.0 Web Platform EWP versions prior to 5.2.0 BRMS Platform versions prior to 5.3.1 SOA Platform versions prior to 5.3.1 Description: The issue concerns the JMXInvokerHAServlet and...

CVSS 6.8 · AI score 7.0 · EPSS 0.5129
Exploits 1 · References 23
RedHat Linux · added 2013/01/31 7:31 p.m. · 3 views

Cache: NonManagedConnectionFactory will log password in clear text when an exception occurs

The NonManagedConnectionFactory in JBoss Enterprise Application Platform EAP 5.1.2 and 5.2.0, Web Platform EWP 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...

CVSS 2.1 · AI score 6.2 · EPSS 0.00071
Exploits 1 · References 4
RedHat Linux · added 2013/01/24 6:52 p.m. · 1 views

CSRF on jmx-console allows invocation of operations on mbeans

Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...

CVSS 6.0 · AI score 6.7 · EPSS 0.00717
Exploits 0 · References 4
RedHat Linux · added 2013/01/24 6:44 p.m. · 1 views

CSRF on jmx-console allows invocation of operations on mbeans

Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...

CVSS 6.0 · AI score 6.7 · EPSS 0.00717
Exploits 0 · References 4
RedHat Linux · added 2013/01/24 6:41 p.m. · 1 views

JBoss: SecurityAssociation.getCredential() will return the previous credential if no security context is provided

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remot...

CVSS 5.8 · AI score 6.3 · EPSS 0.01673
Exploits 1 · References 4
RedHat Linux · added 2013/01/24 6:31 p.m. · 1 views

JGroups diagnostics service enabled by default with no authentication when a JGroups channel is started

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...

CVSS 3.3 · AI score 6.3 · EPSS 0.00989
Exploits 1 · References 4
RedHat Linux · added 2013/01/24 6:07 p.m. · 1 views

JBoss: CallerIdentityLoginModule retaining password from previous call if a null password is provided

The CallerIdentityLoginModule in JBoss Enterprise Application Platform EAP before 5.2.0, Web Platform EWP before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's...

CVSS 4.0 · AI score 6.2 · EPSS 0.0131
Exploits 0 · References 4
RedHat Linux · added 2013/01/24 6:07 p.m. · 1 views

CSRF on jmx-console allows invocation of operations on mbeans

Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...

CVSS 6.0 · AI score 6.7 · EPSS 0.00717
Exploits 0 · References 4
NVD · added 2012/11/23 8:55 p.m. · 18 views

CVE-2012-2377

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...

CVSS 3.3 · AI score 6.3 · EPSS 0.00989
Exploits 1 · References 19
NVD · added 2012/11/23 8:55 p.m. · 31 views

CVE-2011-4085

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

CVSS 6.8 · AI score 6.5 · EPSS 0.00719
Exploits 30 · References 11
Prion · added 2012/11/23 8:55 p.m. · 17 views

Design/Logic Flaw

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...

CVSS 3.3 · AI score 6.8 · EPSS 0.00989
Exploits 1 · References 19 · Affected Software 3