23 matches found
EUVD-2021-2590
Malware in sbrugna...
CVE-2020-36282
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data...
GHSA-V525-C3G5-CG9P Unsafe Deserialization that can Result in Code Execution
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data...
CVE-2020-36282
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data...
CVE-2020-36282
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data...
CVE-2020-36282
JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code execution via crafted StreamMessage data...
CVE-2020-36282
JMS Client for RabbitMQ (1.x <1.15.2 and 2.x
Security Bulletin: App Connect Enterprise Certified Container may be vulnerable to a remote code execution vulnerability (CVE-2020-4682)
Summary An issue was found within the IBM MQ Java and JMS client libraries that could allow an attacker to execute a remote code execution attack through the IBM MQ Java and JMS client libraries in an Integration Server image. Vulnerability Details CVEID: CVE-2020-4682 DESCRIPTION: IBM MQ 7.5, 8....
Security Bulletin: IBM MQ is vulnerable to a remote code execution vulnerability (CVE-2020-4682)
Summary An issue was found within the IBM MQ Java and JMS client libraries that could allow an attacker to execute a remote code execution attack. Vulnerability Details CVEID: CVE-2020-4682 DESCRIPTION: IBM MQ could allow a remote attacker to execute arbitrary code on the system, caused by an...
Security Bulletin: IBM Integration Bus is affected by deserialization RCE vulnerability in IBM WebSphere JMS Client
Summary WebSphere MQ V9.0 libraries are shipped in IBM Integration Bus and hence IBM Integration Bus is vulnerable to IBM WebSphere MQ JMS client deserialization RCE vulnerability. Vulnerability Details CVEID: CVE-2016-0360 DESCRIPTION: IBM Websphere MQ JMS client provides classes that deserializ...
Security Bulletin: RCE vulnerability in JMS Client in IBM MessageSight (CVE-2016-0375)
Summary RCE vulnerability in JMS Client in IBM MessageSight Vulnerability Details CVEID: CVE-2016-0375 DESCRIPTION: IBM MessageSight contains an unspecified vulnerability that could allow a remote authenticated attacker to execute arbitrary commands with administrator privileges. CVSS Base Score:...
Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server bundled with IBM WebSphere Application Server Patterns and IBM WebSphere Application Server for Cloud (CVE-2016-0360)
Summary There is a potential privilege escalation vulnerability in traditional WebSphere Application Server shipped with WebSphere Patterns. IBM Websphere MQ JMS client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java co...
Security Bulletin: IBM WebSphere MQ JMS client deserialization RCE vulnerability (CVE-2016-0360)
Summary A potential vulnerability exists within the JMSObjectMessage class, which IBM WebSphere MQ provides as part of its Java Message Service implementation. Vulnerability Details JMS Object messages depend on Java Serialization for marshalling/unmarshalling of the message payload...
IBM MQ 8.x < 8.0.0.3 Multiple Information Disclosure (credentialed check)
The version of IBM MQ (formerly IBM WebSphere MQ) 8.x installed on the remote Windows host is missing fix pack 8.0.0.3 or later. It is, therefore, affected by the following vulnerabilities: - A flaw exists in the Advanced Message Security policy when a JMS client application sends a message to the...
CVE-2016-0360
IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides classes that deserialize objects from untrusted sources which could allow a malicious user to execute arbitrary Java code by adding vulnerable classes to the classpath. IBM Reference : 1983457...
CVE-2016-4974
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...
CVE-2016-4974
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...
CVE-2016-4974
Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS AMQP 1.0 before 0.10.0 does not restrict the use of classes available on the classpath, which might allow remote authenticated users with permission to send messages to deserialize arbitrary objects and execute arbitrary code by leveraging a...
Apache Qpid AMQP 0-x JMS Client and Qpid JMS Client Deserialization Vulnerabilities
Apache Qpid is an object-oriented messaging middleware developed by the Apache Software Foundation in the United States. It is an implementation of the Advanced Message Queuing Protocol (AMQP) that can communicate with AMQP-compliant systems, and it provides client libraries in C++, Python, Java, C and...
CVE-2016-0375
JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through 1.2.0.3, and 2.0.x through 2.0.0.0 allows remote authenticated users to obtain administrator privileges for executing arbitrary commands via unspecified vectors...