Lucene search
K

69 matches found

UbuntuCve
UbuntuCve
added 2012/11/23 8:55 p.m.26 views

CVE-2012-2377

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a...

3.3CVSS6.3AI score0.01448EPSS
Exploits1References2
Prion
Prion
added 2012/11/23 8:55 p.m.34 views

Input validation

The 1 JNDI service, 2 HA-JNDI service, and 3 HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly...

7.5CVSS7.1AI score0.03521EPSS
Exploits1References18Affected Software5
Prion
Prion
added 2012/11/23 8:55 p.m.22 views

Input validation

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to...

4.6CVSS6.8AI score0.01604EPSS
Exploits1References14Affected Software4
CVE
CVE
added 2012/11/23 8:0 p.m.78 views

CVE-2011-2908

CVE-2011-2908 describes a CSRF flaw in the JMX Console (jmx-console) affecting JBoss Enterprise Portal Platform < 5.2.2, BRMS Platform 5.3.0

6CVSS6.2AI score0.01567EPSS
Exploits0References18Affected Software3
CVE
CVE
added 2012/11/23 8:0 p.m.75 views

CVE-2012-2377

CVE-2012-2377 affects: JBoss Enterprise Portal Platform <5.2.2, JBoss SOA Platform <5.3.0, and BRMS Platform

3.3CVSS5.4AI score0.01448EPSS
Exploits1References19Affected Software1
CVE
CVE
added 2012/11/23 8:0 p.m.89 views

CVE-2011-4605

Summary: CVE-2011-4605 affects JBoss/JBossAS JNDI-related services. The vulnerability stems from insufficient access restrictions in the JNDI service, HA-JNDI service, and the HAJNDIFactory invoker servlet, allowing remote attackers to write to the JNDI tree. This could enable adding, deleting, o...

7.5CVSS6.5AI score0.03521EPSS
Exploits1References18Affected Software5
Positive Technologies
Positive Technologies
added 2012/11/23 12:0 a.m.14 views

PT-2012-1801 · Red Hat · Red Hat Jboss Enterprise Application Platform +3

Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform versions prior to 5.1.2 JBoss SOA Platform versions prior to 5.2.0 JBoss BRMS Platform versions prior to 5.3.0 JBoss Portal Platform versions prior to 4.3 CP07 Description: The issue allows remote attacke...

6.8CVSS6.5AI score0.02953EPSS
Exploits3References13
RedHat Linux
RedHat Linux
added 2012/10/03 3:8 p.m.17 views

Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 security update

An update for the JBoss Web Services component in JBoss Enterprise SOA Platform 5.3.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring Syste...

5CVSS6.5AI score0.02587EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2012/09/19 5:41 p.m.7 views

Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 update

An update for JBoss Enterprise SOA Platform 4.2.0.CP05 and 4.3.0.CP05 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base scor...

7.5CVSS6AI score0.03521EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2012/09/05 4:26 p.m.5 views

CSRF on jmx-console allows invocation of operations on mbeans

Cross-site request forgery CSRF vulnerability in the JMX Console jmx-console in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that...

6CVSS6.7AI score0.01567EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/07/31 2:24 p.m.10 views

Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.3.0 update

JBoss Enterprise SOA Platform 5.3.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS...

7.8CVSS6.5AI score0.0436EPSS
Exploits4References12
RedHat Linux
RedHat Linux
added 2011/12/08 7:13 p.m.4 views

Invoker servlets authentication bypass (HTTP verb tampering)

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication ...

6.8CVSS6.4AI score0.02953EPSS
Exploits3References4
RedHat Linux
RedHat Linux
added 2011/09/22 4:54 p.m.33 views

Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 5.1.0 security update

Updated Spring Framework 3 files for JBoss Enterprise SOA Platform 5.1.0 that fix multiple security issues are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS...

6.8CVSS6.2AI score0.08532EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2011/09/15 6:17 p.m.11 views

Important: Red Hat Security Advisory: jbossws security update

Updated jbossws-client.jar, jbossws-common.jar, jbossws-core.jar, and jbossws-native-core.jar files for JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0 that fix one security issue are now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this...

5CVSS5.8AI score0.02664EPSS
Exploits0References5
Prion
Prion
added 2011/07/27 2:55 a.m.22 views

Input validation

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0, 4.3.0.CP09, and 5.1.1; and JBoss Enterprise Web Platform 5.1.1, does not properly...

6.8CVSS7.5AI score0.02593EPSS
Exploits0References10Affected Software4
NVD
NVD
added 2011/07/27 2:42 a.m.40 views

CVE-2011-1484

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3.0.CP09 and 5.1.0, does not properly restrict use of Expression Language EL statements i...

6.8CVSS7.2AI score0.02286EPSS
Exploits0References8
CVE
CVE
added 2011/07/27 1:0 a.m.105 views

CVE-2011-1484

CVE-2011-1484 affects JBoss Seam 2 framework (2.2.x and earlier) distributed with Red Hat JBoss Enterprise platforms. The flaw stems from improper restriction of EL statements in FacesMessages during page exception handling, enabling remote code execution via a crafted URL. Red Hat advisories RHS...

6.8CVSS7.3AI score0.02286EPSS
Exploits0References8Affected Software3
RedHat Linux
RedHat Linux
added 2011/04/20 7:48 p.m.7 views

Important: Red Hat Security Advisory: JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 security update

An updated jboss-seam.jar file for JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring Syste...

6.8CVSS6.3AI score0.02286EPSS
Exploits0References4
NVD
NVD
added 2010/12/30 9:0 p.m.30 views

CVE-2010-3708

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...

7.5CVSS7.4AI score0.03017EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2010/12/30 9:0 p.m.28 views

CVE-2010-3708

The serialization implementation in JBoss Drools in Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.3 before 4.3.0.CP09 and JBoss Enterprise SOA Platform 4.2 and 4.3 supports the embedding of class files, which allows remote attackers to execute arbitrary code via a crafted...

7.5CVSS6AI score0.03017EPSS
Exploits0References1
Rows per page
Query Builder