Jmeter Security Vulnerabilities and Issues — Jmeter CVE List

Lucene search

ApacheJmeter

14 matches found

CVE•added 2021/03/23 12:15 a.m.•471 views

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of serv...

7.5CVSS8.5AI score0.23434EPSS

CVE•added 2021/03/23 12:15 a.m.•469 views

CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on thes...

9.1CVSS7.3AI score0.01022EPSS

CVE•added 2021/03/23 12:15 a.m.•466 views

CVE-2021-21343

7.5CVSS7.1AI score0.00687EPSS

CVE•added 2021/03/23 12:15 a.m.•420 views

CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8AI score0.28061EPSS

CVE•added 2021/03/23 12:15 a.m.•419 views

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the r...

9.1CVSS8.1AI score0.90494EPSS

CVE•added 2021/03/23 12:15 a.m.•394 views

CVE-2021-21345

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who foll...

9.9CVSS7.8AI score0.87079EPSS

CVE•added 2021/03/23 12:15 a.m.•392 views

CVE-2021-21346

9.8CVSS8.3AI score0.03973EPSS

CVE•added 2021/03/23 12:15 a.m.•386 views

CVE-2021-21347

9.8CVSS8.3AI score0.02891EPSS

CVE•added 2021/03/23 12:15 a.m.•381 views

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affe...

8.6CVSS7.8AI score0.05914EPSS

CVE•added 2021/03/23 12:15 a.m.•376 views

CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup...

9.8CVSS8AI score0.07113EPSS

CVE•added 2021/03/23 12:15 a.m.•365 views

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup X...

7.8CVSS7.2AI score0.00199EPSS

CVE•added 2018/02/13 12:29 p.m.•83 views

CVE-2018-1297

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

9.8CVSS9.2AI score0.23187EPSS

CVE•added 2019/03/06 5:29 p.m.•80 views

CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.8CVSS9.3AI score0.00635EPSS

CVE•added 2018/02/14 2:29 p.m.•79 views

CVE-2018-1287

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

9.8CVSS9.2AI score0.01876EPSS