Lucene search

56 matches found

Positive Technologies
added 2025/01/18 12:00 a.m. · 5 views

PT-2025-2827 · IBM · IBM App Connect Enterprise

Name of the Vulnerable Software and Affected Versions: IBM App Connect Enterprise versions 12.0.1.0 through 12.0.7.0; IBM App Connect Enterprise version 13.0.1.0. Description: The issue allows a privileged user to obtain JMS credentials under certain configurations. This is related to improper...

4.4 CVSS · 6.4 AI score · 0.00081 EPSS
Exploits 0 · References 7
CNVD
added 2023/10/25 12:00 a.m. · 23 views

Apache ActiveMQ Remote Code Execution Vulnerability (CNVD-2023-80853)

Apache ActiveMQ is a set of open source messaging middleware from the Apache Foundation (USA), which supports Java messaging services, clustering, Spring Framework and so on. A remote code execution vulnerability exists in Apache ActiveMQ, where an unauthenticated attacker can use the...

8.6 AI score
Exploits 0 · References 1
IBM Security Bulletins
added 2023/05/10 5:52 p.m. · 38 views

Security Bulletin: IBM MQ trace can inadvertently trace sensitive data (CVE-2023-28950)

Summary: When Advanced Message Security setup is enabled, an issue was identified with IBM MQ tracing logic that meant sensitive data could be captured while IBM MQ trace was running. This data would be stored in plaintext within the IBM MQ trace files. Vulnerability Details: CVEID: CVE-2023-28950...

5.5 CVSS · 5.2 AI score · 0.0004 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2022/08/21 12:00 a.m. · 1 views

Apache Flume Input Validation Error Vulnerability

Apache Flume is a distributed, reliable and available service from the Apache Foundation, USA, used to efficiently collect, aggregate, and move large amounts of log data. Versions of Apache Flume prior to 1.4.0 through 1.10.0 contain a security vulnerability that stems from vulnerability to remot...

9.8 CVSS · 7.9 AI score · 0.0266 EPSS
Exploits 0 · References 3
RedHat Linux
added 2022/06/30 6:34 p.m. · 4 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5 CVSS · 7.5 AI score · 0.72202 EPSS
Exploits 9 · References 9
CNNVD
added 2022/06/14 12:00 a.m. · 0 views

Apache Flume Security Vulnerability

Apache Flume is a distributed, reliable and available service from the Apache Foundation. A remote code execution vulnerability exists in Apache Flume, which stems from the configuration of a JMS source with a JNDI LDAP data source URI, and could be exploited by an attacker to cause a remote code...

9.8 CVSS · 6.6 AI score · 0.05291 EPSS
Exploits 0 · References 4
RedHat Linux
added 2022/02/15 6:54 p.m. · 1 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5 CVSS · 7.5 AI score · 0.72202 EPSS
Exploits 9 · References 9
RedHat Linux
added 2022/02/08 12:52 p.m. · 1 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSSink in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if JMSSink is deployed and has been configured to perform JNDI requests...

8.8 CVSS · 7.4 AI score · 0.00785 EPSS
Exploits 0 · References 5
RedHat Linux
added 2022/02/07 1:48 p.m. · 2 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5 CVSS · 7.5 AI score · 0.72202 EPSS
Exploits 9 · References 9
RedHat Linux
added 2022/02/03 6:43 p.m. · 3 views

log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender

A flaw was found in the Java logging library Apache Log4j in version 1.x. JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker's JND...

7.5 CVSS · 7.5 AI score · 0.72202 EPSS
Exploits 9 · References 9
CNNVD
added 2021/03/11 12:00 a.m. · 3 views

Pivotal Software RabbitMQ Code Issue Vulnerability

Pivotal Software RabbitMQ is a suite of open source message broker software from Pivotal Software, USA, that implements the Advanced Message Queuing Protocol (AMQP). A code issue vulnerability exists in JMS Client on RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0, which stems from vulnerability to...

9.8 CVSS · 8.8 AI score · 0.01699 EPSS
Exploits 0 · References 9
RedHat Linux
added 2021/01/25 4:19 p.m. · 0 views

wildfly: resource adapter logs plaintext JMS password at warning level on connection error

A flaw was found in wildfly. JMS passwords are logged by the resource adapter in plain text at the warning level when a connection error occurs, allowing any user that has access to the log to gain access to this sensitive information. The highest threat from this vulnerability is to data...

5.3 CVSS · 5.7 AI score · 0.00354 EPSS
Exploits 0 · References 5
CNVD
added 2020/11/26 12:00 a.m. · 3 views

Red Hat WildFly Information Disclosure Vulnerability (CNVD-2020-67088)

Red Hat WildFly is a lightweight JavaEE-based open source application server from Red Hat, Inc. (USA). An information disclosure vulnerability exists in versions prior to WildFly 21.0.0, which stems from a resource adapter logging plain-text JMS passwords at the warning level a...

5.3 CVSS · 6.3 AI score · 0.00354 EPSS
Exploits 0 · References 1
CNNVD
added 2020/11/24 12:00 a.m. · 3 views

Red Hat WildFly Log Information Disclosure Vulnerability

Red Hat WildFly is a lightweight JavaEE-based open source application server from Red Hat, Inc. (USA). An information disclosure vulnerability exists in versions prior to WildFly 21.0.0, which stems from a resource adapter logging plain-text JMS passwords at the warning level a...

5.3 CVSS · 6.7 AI score · 0.00354 EPSS
Exploits 0 · References 13
OSV
added 2020/06/18 2:44 p.m. · 0 views

GHSA-C2Q3-4QRH-FM48 Deserialization of untrusted data in Jackson Databind

FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and...

8.1 CVSS · 7.1 AI score · 0.06308 EPSS
Exploits 0 · References 13
RedHat Linux
added 2017/12/13 5:57 p.m. · 2 views

Artemis: Deserialization of untrusted input vulnerability

It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

7.2 CVSS · 7.8 AI score · 0.0136 EPSS
Exploits 0 · References 4
RedHat Linux
added 2017/12/13 5:48 p.m. · 3 views

Artemis: Deserialization of untrusted input vulnerability

It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

7.2 CVSS · 7.8 AI score · 0.0136 EPSS
Exploits 0 · References 4
RedHat Linux
added 2017/07/31 3:20 p.m. · 3 views

Artemis: Deserialization of untrusted input vulnerability

It was found that use of a JMS ObjectMessage does not safely handle user-supplied data when deserializing objects. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage...

7.2 CVSS · 7.8 AI score · 0.0136 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2016/04/26 12:00 a.m. · 506 views

Oracle WebLogic Server Java Object Deserialization RCE (April 2016 CPU)

The remote Oracle WebLogic Server is affected by a remote code execution vulnerability in the Java Messaging Service subcomponent in the readExternal function due to improper sanitization of user-supplied input. An unauthenticated, remote attacker can exploit this, via a crafted object payload, t...

9.8 CVSS · 8.8 AI score · 0.71902 EPSS
Exploits 3 · References 4
CNVD
added 2016/04/22 12:00 a.m. · 3 views

Unspecified Vulnerability in Oracle Fusion Middleware WebLogic Server Component (CNVD-2016-02481)

Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments, of which Oracle WebLogic Server is an application server component for both cloud and traditional environments. An unspecified vulnerability exists in the Jav...

9.8 CVSS · 9.3 AI score · 0.71902 EPSS
Exploits 3 · References 1