Jboss Portal Security Vulnerabilities

CVE-2011-2487

The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.

CVSS: 5.9

AI Score: 5.7

EPSS: 0.006

2020-03-11 04:15 PM

CVE-2012-5626

An EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; and Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.

CVSS: 7.5

AI Score: 7.5

EPSS: 0.001

2020-01-23 07:15 PM

CVE-2013-6495

JBossWeb Bayeux has reflected XSS

CVSS: 6.1

AI Score: 6

EPSS: 0.001

2019-12-11 02:15 PM

CVE-2014-0245

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain pr...

CVSS: 5.9

AI Score: 6.7

EPSS: 0.003

2020-01-02 08:15 PM

CVE-2015-5176

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.

AI Score: 7.1

EPSS: 0.002

2015-08-11 02:59 PM

CVE-2015-7501

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Serve...

CVSS: 9.8

AI Score: 9.7

EPSS: 0.018

2017-11-09 05:29 PM