Lucene search
K

60 matches found

Rockylinux
Rockylinux
added 2022/12/15 3:8 p.m.55 views

prometheus-jmx-exporter security update

An update is available for prometheus-jmx-exporter. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Prometheus JMX Exporter is a JMX to Prometheus exporter: a...

9.8CVSS9.5AI score0.99615EPSS
Exploits8
AlmaLinux
AlmaLinux
added 2022/12/15 12:0 a.m.45 views

Important: prometheus-jmx-exporter security update

Prometheus JMX Exporter is a JMX to Prometheus exporter: a collector that can be configured to scrape and expose MBeans of a JMX target. Security Fixes: SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-1471 For more details about the security issues, including the impact, a...

9.8CVSS1.7AI score0.99615EPSS
Exploits8References4
ATTACKERKB
ATTACKERKB
added 2022/10/18 9:15 p.m.6 views

CVE-2022-21593

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware component: OHS Config MBeans. Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP...

7.1CVSS7.1AI score0.00631EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/10/18 12:0 a.m.64 views

CVE-2022-21593

Oracle Fusion Middleware’s Oracle HTTP Server (OHS Config MBeans) is affected for versions 12.2.1.3.0 and 12.2.1.4.0. The CVE-2022-21593 vulnerability enables an unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, potentially gaining unauthorized access to data...

7.1CVSS7.1AI score0.00631EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 4:31 a.m.29 views

Cross-Site Request Forgery in Jolokia

Cross-site request forgery CSRF vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page...

6.8CVSS8.6AI score0.00739EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/05/17 4:31 a.m.3 views

GHSA-FJHW-8222-G2HG Cross-Site Request Forgery in Jolokia

Cross-site request forgery CSRF vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page...

6.8CVSS7.3AI score0.00739EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2020/12/16 12:11 p.m.6 views

karaf: A remote client could create MBeans from arbitrary URLs

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role c...

6.5CVSS5.9AI score0.01876EPSS
Exploits0References4
Cvelist
Cvelist
added 2020/10/05 3:38 p.m.24 views

CVE-2020-24231

Symmetric DS 3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to...

9.7AI score0.01807EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2020/09/23 12:0 a.m.37 views

Micro Focus Operations Bridge Reporter JMX Missing Authentication Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Micro Focus Operations Bridge Reporter. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the JMX remote interface. This interface...

9.8CVSS4.9AI score0.05235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2020/09/10 12:0 a.m.5 views

PT-2020-5485 · Apache · Apache Activemq

Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ versions prior to 5.15.13 Description: The issue is related to a regression introduced in a commit that prevents JMX re-bind, allowing a remote client to create a javax.management.loading.MLet MBean and use it to create new...

10CVSS9.4AI score0.51225EPSS
Exploits0References22
Prion
Prion
added 2019/07/23 11:15 p.m.33 views

Design/Logic Flaw

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OHS Config MBeans. Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...

4.3CVSS5.7AI score0.01422EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2019/07/23 10:31 p.m.22 views

CVE-2019-2751

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OHS Config MBeans. Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...

6AI score0.01422EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/07/23 10:31 p.m.34 views

CVE-2019-2751

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware subcomponent: OHS Config MBeans. Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...

5.7AI score0.01422EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2019/07/18 12:0 a.m.107 views

Oracle Fusion Middleware Oracle HTTP Server (Jul 2019 CPU)

The version of Oracle HTTP Server installed on the remote host is affected by the following vulnerabilities as noted in the July 2019 CPU advisory : - A privilege escalation vulnerability exists in the web listener component. An authenticated, local attacker can exploit this, to gain privileged...

7.8CVSS7AI score0.65005EPSS
Exploits8References3
Tenable Nessus
Tenable Nessus
added 2018/10/10 12:0 a.m.2933 views

Java JMX Agent Insecure Configuration

A Java JMX agent running on the remote host is configured without SSL client and password authentication. An unauthenticated, remote attacker can connect to the JMX agent and monitor and manage the Java application that has enabled the agent. Moreover, this insecure configuration could allow the...

6AI score
Exploits0References2
Cvelist
Cvelist
added 2018/08/01 2:0 p.m.30 views

CVE-2016-8648

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain...

7.2CVSS7.4AI score0.02004EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2018/08/01 12:0 a.m.6 views

PT-2018-5045 · Red Hat +2 · Red Hat Jboss Fuse +3

Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Fuse versions 6.x Red Hat JBoss A-MQ versions 6.x Description: A flaw was discovered in the Karaf container used by Red Hat JBoss Fuse and Red Hat JBoss A-MQ, where it deserializes objects passed to MBeans via JMX operations. Th...

7.2CVSS7.3AI score0.02004EPSS
Exploits0References3
OSV
OSV
added 2018/03/01 9:29 p.m.7 views

CVE-2018-7047

An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials remote code execution may be possible as well...

9.8CVSS6.1AI score0.02359EPSS
Exploits0References2
NVD
NVD
added 2018/03/01 9:29 p.m.19 views

CVE-2018-7047

An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials remote code execution may be possible as well...

9.8CVSS9.6AI score0.02359EPSS
Exploits0References2
Prion
Prion
added 2018/03/01 9:29 p.m.19 views

Remote code execution

An issue was discovered in the MBeans Server in Wowza Streaming Engine before 4.7.1. The file system may be read and written to via JMX using the default JMX credentials remote code execution may be possible as well...

7.5CVSS9.4AI score0.02359EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder