5 matches found
com.cibuddy:karaf.assembly (=1.0.0), com.kagurabi.services:kagura-assembly (>=1.5 <=1.9) +52 more potentially affected by CVE-2021-41766 via org.apache.karaf.management:org.apache.karaf.management.server (>=2.2.4 <=4.3.5)
org.apache.karaf.management:org.apache.karaf.management.server MAVEN version =2.2.4, =1.5, =4.4.1, =2.0.0, =2.0.6, =1.4.62, =2.7.7, =3.0.0, =1.6.1-incubating, =1.6.1-incubating, =2.2.4, =2.2.3, =2.3.6 and more Source cves: CVE-2021-41766 Source advisory: OSV:GHSA-JH5G-9M4V-9VV9...
CVE-2021-41766
A flaw was found in Apache Karaf. This issue allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX...
CVE-2021-41766
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX. JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...
CVE-2021-41766
CVE-2021-41766 affects Apache Karaf. The issue arises from insecure Java deserialization in the JMX-based management interface used by Karaf, where the JMX server class path is not protected against unauthenticated deserialization. This can enable an attacker to monitor applications and the Java ...
CVE-2021-41766 Insecure Java Deserialization in Apache Karaf
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX. JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...