89 matches found
Improper Input Validation in Apache ActiveMQ
Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service JMS ObjectMessage object...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...
log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...
CVE-2021-20318
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
CVE-2021-37535
SAP NetWeaver Application Server Java JMS Connector Service - versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform necessary authorization checks for user privileges...
wildfly: resource adapter logs plaintext JMS password at warning level on connection error
A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data...
[SECURITY] [DLA 2583-1] activemq security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2583-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA March 05, 2021 https://wiki.debian.org/LTS -...
wildfly: resource adapter logs plaintext JMS password at warning level on connection error
A flaw was found in wildfly. JMS passwords are logged by the resource adaptor in plain text at the warning level when a connection error occurs allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data...
PT-2020-16144 · Red Hat · Wildfly
Name of the Vulnerable Software and Affected Versions: WildFly versions prior to 21.0.0.Final Description: A flaw was discovered in WildFly where the resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. Recommendation...
Security Bulletin: IBM Tivoli Netcool Impact affected by OpenSource Apache ActiveMQ Vulnerability (CVE-2015-5254)
Summary IBM Tivoli Netcool Impact has addressed the OpenSource Apache ActiveMQ Vulnerability. Vulnerability Details CVEID: CVE-2015-5254 DESCRIPTION: Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes that can be...
Security Bulletin: OpenSource Apache ActiveMQ Vulnerability identified with Jazz for Service Management (JazzSM) v1.1.3 (CVE-2015-5254)
Summary OpenSource Apache ActiveMQ Vulnerability identified with Jazz for Service Management v1.1.3 Vulnerability Details CVEID: CVE-2015-5254 DESCRIPTION: Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict the classes that can...
Artemis: Deserialization of untrusted input vulnerability
It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
Artemis: Deserialization of untrusted input vulnerability
It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
Artemis: Deserialization of untrusted input vulnerability
It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
Artemis: Deserialization of untrusted input vulnerability
It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...
Code injection
IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM for Corporate Payment Services CPS for...
CVE-2016-0276
IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM for Corporate Payment Services CPS for...
CVE-2016-0276
IBM Financial Transaction Manager FTM for ACH Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, Financial Transaction Manager FTM for Check Services for Multi-Platform 2.1.1.2 and 3.0.0.x before fp0013, and Financial Transaction Manager FTM for Corporate Payment Services CPS for...
Artemis: Deserialization of untrusted input vulnerability
It was found that use of a JMS ObjectMessage does not safely handle user supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...