Lucene search
+L

5 matches found

vulnersOsv
vulnersOsv
added 2022/01/28 10:24 p.m.5 views

com.cibuddy:karaf.assembly (=1.0.0), com.kagurabi.services:kagura-assembly (>=1.5 <=1.9) +52 more potentially affected by CVE-2021-41766 via org.apache.karaf.management:org.apache.karaf.management.server (>=2.2.4 <=4.3.5)

org.apache.karaf.management:org.apache.karaf.management.server MAVEN version =2.2.4, =1.5, =4.4.1, =2.0.0, =2.0.6, =1.4.62, =2.7.7, =3.0.0, =1.6.1-incubating, =1.6.1-incubating, =2.2.4, =2.2.3, =2.3.6 and more Source cves: CVE-2021-41766 Source advisory: OSV:GHSA-JH5G-9M4V-9VV9...

8.1CVSS7.2AI score0.02033EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2022/01/26 2:41 p.m.28 views

CVE-2021-41766

A flaw was found in Apache Karaf. This issue allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX...

8.1CVSS3.6AI score0.02033EPSS
Exploits0References3
OSV
OSV
added 2022/01/26 11:15 a.m.39 views

CVE-2021-41766

Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX. JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...

8.1CVSS7.6AI score0.02033EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/01/26 11:10 a.m.57 views

CVE-2021-41766 Insecure Java Deserialization in Apache Karaf

Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX. JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...

8.6AI score0.02033EPSS
Exploits0References1
CVE
CVE
added 2022/01/26 11:10 a.m.143 views

CVE-2021-41766

CVE-2021-41766 affects Apache Karaf. The issue arises from insecure Java deserialization in the JMX-based management interface used by Karaf, where the JMX server class path is not protected against unauthenticated deserialization. This can enable an attacker to monitor applications and the Java ...

8.1CVSS8.3AI score0.02033EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder