
193 matches found

Prion · added 2023/01/18 10:15 p.m.

Authentication flaw

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...

CVSS 6.5 · AI score 9.1 · EPSS 0.01244
Exploits: 2 · References: 3 · Affected software: 1
Cvelist · added 2023/01/18 12:00 a.m.

CVE-2022-45927

An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java application server can be used to bypass the authentication of the QDS endpoints of the Content Server. These endpoints can be used to create objects and execute arbitrary code...

AI score 9.3 · EPSS 0.01244
Exploits: 2 · References: 3
Vulnrichment · added 2022/12/12 9:39 p.m.

CVE-2022-41262

Due to insufficient input validation, SAP NetWeaver AS Java HTTP Provider Service - version 7.50, allows an unauthenticated attacker to inject a script into a web request header. On successful exploitation, an attacker can view or modify information causing a limited impact on the confidentiality...

CVSS 6.1 · AI score 6.5 · EPSS 0.01307
Exploits: 0 · References: 2
CNNVD · added 2022/11/29 12:00 a.m.

IBM WebSphere Application Server Liberty Security Vulnerability

IBM WebSphere Application Server Liberty is a Java application server from IBM, built on top of the Open Liberty project. IBM WebSphere Application Server Liberty has a denial-of-service vulnerability that stems from a flaw in the parser of text-formatted data, whic...

CVSS 7.5 · AI score 6.7 · EPSS 0.00125
Exploits: 0 · References: 14
OSV · added 2022/11/10 9:15 p.m.

CVE-2022-35740

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...

CVSS 6.1 · AI score 6.3
Exploits: 0 · References: 2
Prion · added 2022/11/10 9:15 p.m.

Path traversal

dotCMS before 22.06 allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a URL to introduce a matrix parameter. This is also fixed in 5.3.8.12, 21.06.9, and 22.03.2 for LTS users. Some Java application frameworks, including those used ...

CVSS 5.8 · AI score 6.2 · EPSS 0.0102
Exploits: 1 · References: 2 · Affected software: 1
CVE · added 2022/11/10 12:00 a.m.

CVE-2022-35740

CVE-2022-35740: dotCMS before 22.06 allows remote attackers to bypass access controls and access restricted resources by placing a semicolon in a URL to introduce a matrix parameter, enabling path-based XSS bypass in some frameworks (e.g., Spring/Tomcat). The issue can chain into XSS; impact pub...

CVSS 6.1 · AI score 6.2 · EPSS 0.0102
Exploits: 1 · References: 2 · Affected software: 1
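The three dotCMS entries above describe the same mechanism: an access-control check runs on the raw URL path, but the servlet container strips `;name=value` matrix (path) parameters from each segment and resolves dot segments before it routes the request, so the two see different paths. The following Python model is an added illustration of that mismatch and of a filter that decides on the same normalized path the container will use; it is not dotCMS, Tomcat or Spring code. The `/admin` prefix, the sample request paths and the exact order of operations in the container model are assumptions of this example.

```python
"""Added illustration: a path check that runs before the servlet container strips
matrix/path parameters can be bypassed with a semicolon. Generic model only."""
import posixpath

PROTECTED_PREFIX = "/admin"   # hypothetical protected area, assumed for the example


def strip_path_parameters(path: str) -> str:
    """Remove ';name=value' path parameters from every segment,
    e.g. '/admin;x=1/secret' -> '/admin/secret'. Servlet containers such as
    Tomcat do this before mapping the request to a servlet."""
    return "/".join(segment.split(";", 1)[0] for segment in path.split("/"))


def container_servlet_path(raw_path: str) -> str:
    """Approximation of the path the container routes on: path parameters
    stripped, then '.' and '..' segments resolved, so '/public/..;/admin/x'
    becomes '/admin/x'."""
    stripped = strip_path_parameters(raw_path)
    normalized = posixpath.normpath(stripped)
    return normalized if normalized.startswith("/") else "/" + normalized


def _in_protected_area(routed_path: str) -> bool:
    return routed_path == PROTECTED_PREFIX or routed_path.startswith(PROTECTED_PREFIX + "/")


def naive_filter_allows(raw_path: str, authenticated: bool) -> bool:
    """Vulnerable check: compares the first raw segment against the protected name.
    'admin;x=1' != 'admin', and '..;' is not recognised as a parent-directory step."""
    first_segment = raw_path.lstrip("/").split("/", 1)[0]
    if first_segment == PROTECTED_PREFIX.lstrip("/"):
        return authenticated
    return True


def hardened_filter_allows(raw_path: str, authenticated: bool) -> bool:
    """Fixed check: refuse path parameters outright (no route here needs them)
    and decide on the same normalized path the container will route on."""
    if ";" in raw_path:
        return False
    if _in_protected_area(container_servlet_path(raw_path)):
        return authenticated
    return True


def is_bypass(raw_path: str, filter_allows) -> bool:
    """True when an unauthenticated request passes the filter yet the container
    routes it into the protected area."""
    passes_filter = filter_allows(raw_path, authenticated=False)
    return passes_filter and _in_protected_area(container_servlet_path(raw_path))


if __name__ == "__main__":
    # Constructed probe paths, not requests observed against any product.
    for probe in ("/admin/secret", "/admin;x=1/secret",
                  "/public/..;/admin/secret", "/public/index"):
        print(f"{probe:28} naive bypass={is_bypass(probe, naive_filter_allows)!s:5} "
              f"hardened bypass={is_bypass(probe, hardened_filter_allows)}")
```

Rejecting every `;` is the simplest hardening but breaks applications that rely on `;jsessionid=` URL rewriting; in that case keep the normalization step and let the filter match on `container_servlet_path` instead of the raw path, which is the part of the fix that actually closes the mismatch.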
OSV · added 2022/05/14 2:54 a.m.

GHSA-QPR7-5M63-HQ2C Improper Neutralization of Input During Web Page Generation in JAMon

Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java Application Monitor) 2.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listenertype or (2) currentlistener parameter to mondetail.jsp, or the ArraySQL parameter to (3) mondetail.jsp, (4) jamonadmin.jsp, (5)...

CVSS 4.3 · AI score 5.5 · EPSS 0.00395
Exploits: 2 · References: 9
CERT · added 2022/03/31 12:00 a.m.

Spring Framework insecurely handles PropertyDescriptor objects with data binding

Overview: The Spring Framework insecurely handles PropertyDescriptor objects, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: The Spring Framework is a Java framework that can be used to create applications such as web applications...

CVSS 9.8 · AI score 9.4 · EPSS 0.94428
Exploits: 99 · References: 4
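The CERT note above is about request-parameter data binding walking nested property paths. A JavaBean exposes `getClass()` as the read-only property `class`, so a binder that follows arbitrary dotted paths can reach the class object and state shared across requests. The Python toy below is an added illustration of that traversal and of the disallowed-fields blocklist that was the published interim mitigation for this issue; it is not Spring's DataBinder. Treating the property names `class`/`Class` as the object's type, the `Greeting` form object and the sample request parameters are assumptions of this example.

```python
"""Added illustration: nested-property data binding that can reach the class object,
next to a binder that checks a disallowed-fields blocklist first. Not Spring code."""
import fnmatch

# Patterns from the published interim mitigation for this issue: any property path
# that starts with, or passes through, a 'class' property is refused before binding.
DISALLOWED_FIELD_PATTERNS = ("class.*", "Class.*", "*.class.*", "*.Class.*")


def _read_property(obj, name):
    # Assumption of this toy: mirror the JavaBeans convention where the 'class'
    # property returns the (shared) class object of the instance.
    if name in ("class", "Class"):
        return type(obj)
    return getattr(obj, name)


def bind_unrestricted(target, params: dict):
    """Vulnerable binder: walks any dotted property path and assigns the leaf."""
    for path, value in params.items():
        *parents, leaf = path.split(".")
        obj = target
        for name in parents:
            obj = _read_property(obj, name)
        setattr(obj, leaf, value)      # may land on the class object, not the instance
    return target


def is_disallowed_field(path: str) -> bool:
    """Simple '*' wildcard match, the same shape as Spring's disallowedFields patterns."""
    return any(fnmatch.fnmatchcase(path, pattern) for pattern in DISALLOWED_FIELD_PATTERNS)


def bind_hardened(target, params: dict):
    """Same binder, but every path is checked against the blocklist before traversal."""
    for path in params:
        if is_disallowed_field(path):
            raise ValueError(f"binding to disallowed field '{path}'")
    return bind_unrestricted(target, params)


class Greeting:
    """Hypothetical request-scoped form object. 'template' lives on the class and is
    shared by every instance, i.e. by every later request."""
    template = "Hello, {name}"

    def __init__(self):
        self.name = "world"

    def render(self) -> str:
        return self.template.format(name=self.name)


def demo(binder) -> tuple:
    """Binds one constructed request, then renders a fresh object to show whether
    the request leaked into class-level state. Returns (outcome, first, fresh)."""
    Greeting.template = "Hello, {name}"                      # reset for repeatable runs
    request_params = {"name": "alice", "class.template": "{name} owned this process"}
    try:
        first = binder(Greeting(), request_params).render()
    except ValueError as exc:
        return ("refused", str(exc), Greeting().render())
    return ("bound", first, Greeting().render())


if __name__ == "__main__":
    print(demo(bind_unrestricted))   # second request already renders the injected template
    print(demo(bind_hardened))       # path refused, shared state untouched
```

The blocklist is deliberately checked on the parameter name before any property is read, because the damage in the unrestricted case is done during traversal, not at the final assignment.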
CNVD · added 2022/01/21 12:00 a.m.

IBM Websphere AS Access Control Error Vulnerability

IBM WebSphere Application Server Liberty is a Java application server from IBM (United States), built on the Open Liberty project. A security vulnerability exists in IBM WebSphere Application Server Liberty that can be exploited by an attacker to bypass access restrictions to WebSphere AS...

CVSS 6.5 · AI score 6.3 · EPSS 0.00242
Exploits: 0 · References: 1
OSV · added 2021/09/14 12:15 p.m.

CVE-2021-37535

SAP NetWeaver Application Server Java JMS Connector Service - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges...

CVSS 9.8 · AI score 7.3 · EPSS 0.00422
Exploits: 0 · References: 2
CNNVD · added 2021/07/13 12:00 a.m.

SAP NetWeaver AS Information Disclosure Vulnerability

SAP NetWeaver AS is a web application server from SAP, a German company. SAP NetWeaver AS Java has an information disclosure vulnerability that can be exploited by attackers to obtain sensitive information in HTTP requests...

CVSS 4.9 · AI score 5.5 · EPSS 0.00721
Exploits: 0 · References: 7
CNNVD · added 2021/06/08 12:00 a.m.

SAP NetWeaver Code Issue Vulnerability

SAP NetWeaver ABAP Server is an application server for ABAP (Advanced Business Application Programming). A code issue vulnerability exists in SAP NetWeaver AS for Java, which can be exploited by remote attackers to submit a special request that can bypass security restrictions and allow unauthorize...

CVSS 9 · AI score 5.8 · EPSS 0.02079
Exploits: 0 · References: 6
CNVD · added 2021/04/22 12:00 a.m.

Unspecified Vulnerability in Eclipse OpenJ9

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation, used primarily to run Java applications. A security vulnerability exists in Eclipse OpenJ9 version 0.25, which stems from the fact that the jdk.internal.reflect.ConstantPool API causes the JVM to pre-parse...

CVSS 6.5 · AI score 6.5 · EPSS 0.00185
Exploits: 1 · References: 1
CNVD · added 2021/04/16 12:00 a.m.

SAP NetWeaver Application Server for Java Information Disclosure Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from SAP, a German company. The platform provides a development and runtime environment for SAP applications. An information disclosure vulnerability exists in SAP NetWeaver Application Server for Java versions 7.30, 7.31,...

CVSS 7.4 · AI score 6.3 · EPSS 0.00274
Exploits: 0 · References: 1
Prion · added 2021/02/26 11:15 p.m.

Remote code execution

An issue was discovered in Visualware MyConnection Server before v11.1a. Unauthenticated Remote Code Execution can occur via Arbitrary File Upload in the web service when using a myspeed/sf?filename= URI. This application is written in Java and is thus cross-platform. The Windows installation run...

CVSS 10 · AI score 9.6 · EPSS 0.14154
Exploits: 2 · References: 5 · Affected software: 1
CNVD · added 2021/01/22 12:00 a.m.

Eclipse OpenJ9 Buffer Overflow Vulnerability (CNVD-2021-08893)

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A buffer overflow vulnerability exists in Eclipse OpenJ9 versions prior to 0.23, which stems from a stack-based buffer overflow that can occur when the virtual machine ...

CVSS 9.8 · AI score 7.1 · EPSS 0.00727
Exploits: 0 · References: 1
OSV · added 2020/12/09 5:15 p.m.

CVE-2020-26829

SAP NetWeaver AS JAVA P2P Cluster Communication, versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections, because of a missing authentication check, from processes that are outside the cluster and even outside the network segment dedicated to internal cluster communication. ...

CVSS 10 · AI score 7.4
Exploits: 0 · References: 4
OSV · added 2020/11/10 5:15 p.m.

CVE-2020-26820

SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate...

CVSS 7.2 · AI score 7.2
Exploits: 0 · References: 4
IBM Security Bulletins · added 2020/11/05 7:50 p.m.

Security Bulletin: CVE-2018-11775 TLS hostname verification when using the Apache ActiveMQ Client

Summary: TLS hostname verification when using the Apache ActiveMQ Client before 5.15.6 was missing, which could make the client vulnerable to a MITM attack between a Java application using the ActiveMQ client and the ActiveMQ server. This is now enabled by default. Vulnerability Details: CVEID:...

CVSS 7.4 · AI score 1.8 · EPSS 0.00492
Exploits: 0 · Affected software: 1
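The bulletin above turns on a check that a CA signature alone does not provide: that the name in the server certificate is the host the client meant to reach. Without it, any certificate the trust store accepts, including one legitimately issued to an attacker for a different name, passes. The Python below is an added illustration of what that check does, written against constructed certificate records (plain dicts of subjectAltName dNSName entries, no X.509 parsing) rather than the ActiveMQ client; the `verify_host` switch, the host names and the two sample certificates are assumptions of this example.

```python
"""Added illustration of TLS hostname verification (RFC 6125-style dNSName matching)
and of what a client accepts when the check is skipped. Not ActiveMQ code."""


def dns_name_matches(san_name: str, hostname: str) -> bool:
    """Case-insensitive label comparison. A '*' is accepted only as the entire
    leftmost label of a name with at least three labels and matches exactly one
    label: '*.mq.example.com' covers 'n1.mq.example.com' but neither
    'a.n1.mq.example.com' nor 'mq.example.com'."""
    san = san_name.lower().rstrip(".").split(".")
    host = hostname.lower().rstrip(".").split(".")
    if "*" in san_name:
        if san[0] != "*" or any("*" in label for label in san[1:]) or len(san) < 3:
            return False          # partial or non-leftmost wildcards are rejected
    if len(san) != len(host):
        return False
    return all(pattern == "*" or pattern == label for pattern, label in zip(san, host))


def verify_hostname(cert: dict, hostname: str) -> bool:
    """True if any dNSName in the certificate's subjectAltName matches hostname."""
    return any(dns_name_matches(name, hostname) for name in cert.get("dNSName", ()))


def connect(target_host: str, presented_cert: dict, verify_host: bool) -> str:
    """Client decision after chain validation has already succeeded. verify_host=False
    models the pre-5.15.6 behaviour the bulletin describes: any CA-trusted certificate
    is accepted regardless of whose name is on it."""
    if verify_host and not verify_hostname(presented_cert, target_host):
        return f"rejected: certificate not valid for {target_host}"
    return "connected"


# Constructed sample certificates (not real ones).
BROKER_CERT = {"dNSName": ["broker.example.com", "*.mq.example.com"]}
MITM_CERT = {"dNSName": ["attacker.example.net"]}   # CA-signed, but for another host


if __name__ == "__main__":
    for verify in (False, True):
        print(f"verify_host={verify}: legitimate -> "
              f"{connect('broker.example.com', BROKER_CERT, verify)}; "
              f"interposed -> {connect('broker.example.com', MITM_CERT, verify)}")
```

Real clients get this from the TLS library rather than their own matcher (in Python's `ssl` module it is `SSLContext.check_hostname`); the point of the example is the decision the bulletin's fix adds, which is the only thing separating the two `connect` outcomes for the interposed certificate.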