5 matches found
com.cibuddy:karaf.assembly (=1.0.0), com.kagurabi.services:kagura-assembly (>=1.5 <=1.9) +52 more potentially affected by CVE-2021-41766 via org.apache.karaf.management:org.apache.karaf.management.server (>=2.2.4 <=4.3.5)
org.apache.karaf.management:org.apache.karaf.management.server MAVEN version =2.2.4, =1.5, =4.4.1, =2.0.0, =2.0.6, =1.4.62, =2.7.7, =3.0.0, =1.6.1-incubating, =1.6.1-incubating, =2.2.4, =2.2.3, =2.3.6 and more Source cves: CVE-2021-41766 Source advisory: OSV:GHSA-JH5G-9M4V-9VV9...
CVE-2021-41766
A flaw was found in Apache Karaf. This issue allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX...
CVE-2021-41766
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX. JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...
CVE-2021-41766 Insecure Java Deserialization in Apache Karaf
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions JMX. JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated...
CVE-2021-41766
CVE-2021-41766 affects Apache Karaf. The issue arises from insecure Java deserialization in the JMX-based management interface used by Karaf, where the JMX server class path is not protected against unauthenticated deserialization. This can enable an attacker to monitor applications and the Java ...