Search query: ApacheJmeter

14 matches found

CVE-2021-21341
Added 2021/03/22 11:40 p.m. | 490 views
CVSS 7.5 | AI score 8.5 | EPSS 0.27312

CVE-2021-21341 affects the XStream Java library (unmarshalling) prior to 1.4.16. The vulnerability enables a remote attacker to cause a denial-of-service by consuming 100% CPU time via manipulated input streams. Impact is described as CPU denial of service; no user impact if the recommended Secur...

CVE-2021-21342
Added 2021/03/22 11:40 p.m. | 487 views
CVSS 9.1 | AI score 7.3 | EPSS 0.00869

CVE-2021-21342 affects the Java library XStream (prior to 1.4.16). During unmarshalling, the processed input stream can include type information used to recreate objects, enabling an attacker to inject or replace objects and trigger a server-side request forgery. The documented fix is to upgrade to at least...

CVE-2021-21343
Added 2021/03/22 11:40 p.m. | 483 views
CVSS 7.5 | AI score 7.1 | EPSS 0.00623

CVE-2021-21343 affects XStream (Java) prior to 1.4.16. The vulnerability arises during unmarshalling when the processed input stream carries type information, enabling an attacker to create new instances based on that data and potentially replace or inject objects, including causing local file de...

CVE-2021-21344
Added 2021/03/22 11:40 p.m. | 447 views
CVSS 9.8 | AI score 8 | EPSS 0.30602

CVE-2021-21344 affects the XStream Java XML serialization library. In versions before 1.4.16, a remote attacker can load and execute arbitrary code by manipulating the processed input stream. The risk is mitigated if the security framework whitelist is properly configured; otherwise the ...

CVE-2021-21351
Added 2021/03/22 11:45 p.m. | 439 views
CVSS 9.1 | AI score 8.1 | EPSS 0.92

CVE-2021-21351 is an XStream deserialization vulnerability. Connected IBM advisories confirm the issue affects IBM Data Risk Manager (IDRM) and IBM Engineering/Test Management products via bundled XStream versions, with exploitation through unmarshalling to achieve arbitrary code execution. Remed...

CVE-2021-21345
Added 2021/03/22 11:40 p.m. | 418 views
CVSS 9.9 | AI score 7.8 | EPSS 0.88091

CVE-2021-21345 affects the XStream Java library. Per connected sources, vulnerable versions are those before 1.4.16, where an attacker with sufficient rights can remotely execute commands on the host by manipulating the processed input stream. The issue is mitigated by upgrading to 1.4.16 or late...

CVE-2021-21346
Added 2021/03/22 11:40 p.m. | 414 views
CVSS 9.8 | AI score 8.3 | EPSS 0.03665

CVE-2021-21346 is one of the batch of XStream (Java XML serialization library) vulnerabilities fixed in 1.4.16. In versions prior to 1.4.16, a manipulated input stream processed during unmarshalling can lead to remote code execution; mitigations include enabling the Securi...

CVE-2021-21347
Added 2021/03/22 11:40 p.m. | 405 views
CVSS 9.8 | AI score 8.3 | EPSS 0.03287

CVE-2021-21347 affects the XStream Java library (pre-1.4.16). The vulnerability allows a remote attacker to load and execute arbitrary code from a remote host by manipulating the processed input stream, with high severity when not using a proper security framework. Guidance across sources indicates u...

CVE-2021-21349
Added 2021/03/22 11:45 p.m. | 396 views
CVSS 8.6 | AI score 7.8 | EPSS 0.06747

XStream (Java) before 1.4.16 is vulnerable to an input-stream manipulation flaw (CVE-2021-21349) that may allow a remote attacker to access data from internal resources not publicly available. The issue arises from processing the input stream during deserialization. A fix is available in XStream ...

CVE-2021-21350
Added 2021/03/22 11:45 p.m. | 394 views
CVSS 9.8 | AI score 8 | EPSS 0.08761

CVE-2021-21350 affects the XStream Java library. Connected sources confirm that before version 1.4.16 XStream allowed remote code execution by manipulating the processed input stream, with guidance to enable a security whitelist and upgrade to at least 1.4.16. Debian security advisories (DSA-5004...

CVE-2021-21348
Added 2021/03/22 11:45 p.m. | 383 views
CVSS 7.8 | AI score 7.2 | EPSS 0.00256

XStream (Java) before version 1.4.16 is vulnerable to a denial of service where a remote attacker can cause a thread to consume maximum CPU time and not return. Public documents consistently describe the issue as affecting XStream's XML deserialization, with mitigation requiring upgrading to at l...

CVE-2018-1297
Added 2018/02/13 12:00 p.m. | 94 views
CVSS 9.8 | AI score 9.2 | EPSS 0.17994

CVE-2018-1297 affects Apache JMeter (versions 2.x and 3.x) in distributed testing mode using an unsecured RMI connection, allowing remote access to JMeterEngine and potential code execution. Exploitation details are shown in public PoCs (e.g., RMIRegistryExploit with CommonsCollections1) and repo...

CVE-2019-0187
Added 2019/03/06 5:00 p.m. | 94 views
CVSS 9.8 | AI score 9.3 | EPSS 0.00635

Apache JMeter in distributed mode (-r/-R) is affected by CVE-2019-0187, enabling unauthenticated remote code execution via a RemoteJMeterEngine over RMI using untrusted data deserialization. The issue is limited to tests running in Distributed mode; pre-4.0 versions do not encrypt traffic between...

CVE-2018-1287
Added 2018/02/14 2:00 p.m. | 90 views
CVSS 9.8 | AI score 9.2 | EPSS 0.01876

CVE-2018-1287 affects Apache JMeter 2.X and 3.X in Distributed Test (RMI-based) mode, where the jmeter server binds the RMI Registry to a wildcard host. This can allow an attacker to gain access to the JMeterEngine and send unauthorized code. The available connected documents confirm the vulnerab...