60 matches found
prometheus-jmx-exporter security update
An update is available for prometheus-jmx-exporter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Prometheus JMX Exporter is a JMX to Prometheus exporter: a...
Important: prometheus-jmx-exporter security update
Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 For more details about the security issues, including the impact, a...
CVE-2022-21593
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: OHS Config MBeans. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP...
CVE-2022-21593
Oracle Fusion Middleware’s Oracle HTTP Server (OHS Config MBeans) is affected for versions 12.2.1.3.0 and 12.2.1.4.0. The CVE-2022-21593 vulnerability enables an unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, potentially gaining unauthorized access to data...
Cross-Site Request Forgery in Jolokia
Cross-site request forgery CSRF vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page...
GHSA-FJHW-8222-G2HG Cross-Site Request Forgery in Jolokia
Cross-site request forgery CSRF vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page...
karaf: A remote client could create MBeans from arbitrary URLs
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...
CVE-2020-24231
Symmetric DS 3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to...
Micro Focus Operations Bridge Reporter JMX Missing Authentication Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the JMX remote interface. This interface...
PT-2020-5485 · Apache · Apache Activemq
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.15.13 Description: The issue is related to a regression introduced in a commit that prevents JMX re-bind, allowing a remote client to create a javax.management.loading.MLet MBean and use it to create new...
Design/Logic Flaw
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OHS Config MBeans. Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...
CVE-2019-2751
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OHS Config MBeans. Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...
CVE-2019-2751
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OHS Config MBeans. Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...
Oracle Fusion Middleware Oracle HTTP Server (Jul 2019 CPU)
The version of Oracle HTTP Server installed on the remote host is affected by the following vulnerabilities as noted in the July 2019 CPU advisory : - A privilege escalation vulnerability exists in the web listener component. An authenticated, local attacker can exploit this, to gain privileged...
Java JMX Agent Insecure Configuration
A Java JMX agent running on the remote host is configured without SSL client and password authentication. An unauthenticated, remote attacker can connect to the JMX agent and monitor and manage the Java application that has enabled the agent. Moreover, this insecure configuration could allow the...
CVE-2016-8648
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain...
PT-2018-5045 · Red Hat +2 · Red Hat Jboss Fuse +3
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Fuse versions 6.x Red Hat JBoss A-MQ versions 6.x Description: A flaw was discovered in the Karaf container used by Red Hat JBoss Fuse and Red Hat JBoss A-MQ, where it deserializes objects passed to MBeans via JMX operations. Th...
CVE-2018-7047
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials remote code execution may be possible as well...
CVE-2018-7047
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials remote code execution may be possible as well...
Remote code execution
An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials remote code execution may be possible as well...