Lucene search
K

4 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.17 views

PT-2026-47666

Name of the Vulnerable Software and Affected Versions Spring Framework versions 7.0.0 through 7.0.7 Spring Framework versions 6.2.0 through 6.2.18 Spring Framework versions 6.1.0 through 6.1.27 Spring Framework versions 5.3.0 through 5.3.48 Description In an untrusted JMS environment, the...

9.8CVSS6.1AI score0.00268EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/05/22 12:17 p.m.11 views

CVE-2026-44417 Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

6.2AI score0.0064EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/22 12:17 p.m.37 views

CVE-2026-44417 Apache CXF: Incomplete fix for CVE-2025-48913 (Untrusted JMS configuration can lead to RCE)

The fix for CVE-2025-48913: Apache CXF: Untrusted JMS configuration can lead to RCE was not complete, meaning that another path in the code might lead to code execution capabilities, if untrusted users are allowed to configure JMS for Apache CXF. Users are recommended to upgrade to versions 4.2.1...

0.0064EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/08/08 12:32 p.m.13 views

Apache CXF: Untrusted JMS configuration can lead to RCE

If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8...

9.8CVSS6.7AI score0.00793EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder