Jmeter@* Security Vulnerabilities and Issues — Jmeter@* CVE List

Lucene search

ApacheJmeter*

14 matches found

CVE•added 2021/03/23 12:15 a.m.•408 views

CVE-2021-21341

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is vulnerability which may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of serv...

7.5CVSS8.5AI score0.26092EPSS

CVE•added 2021/03/23 12:15 a.m.•406 views

CVE-2021-21342

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability where the processed stream at unmarshalling time contains type information to recreate the formerly written objects. XStream creates therefore new instances based on thes...

9.1CVSS7.3AI score0.01358EPSS

CVE•added 2021/03/23 12:15 a.m.•403 views

CVE-2021-21343

7.5CVSS7.1AI score0.00832EPSS

CVE•added 2021/03/23 12:15 a.m.•356 views

CVE-2021-21344

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed...

9.8CVSS8AI score0.27692EPSS

CVE•added 2021/03/23 12:15 a.m.•355 views

CVE-2021-21351

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the r...

9.1CVSS8.1AI score0.90494EPSS

CVE•added 2021/03/23 12:15 a.m.•331 views

CVE-2021-21346

9.8CVSS8.3AI score0.03899EPSS

CVE•added 2021/03/23 12:15 a.m.•330 views

CVE-2021-21345

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who foll...

9.9CVSS7.8AI score0.85307EPSS

CVE•added 2021/03/23 12:15 a.m.•320 views

CVE-2021-21347

9.8CVSS8.3AI score0.02592EPSS

CVE•added 2021/03/23 12:15 a.m.•317 views

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affe...

8.6CVSS7.8AI score0.05816EPSS

CVE•added 2021/03/23 12:15 a.m.•314 views

CVE-2021-21350

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to execute arbitrary code only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup...

9.8CVSS8AI score0.08098EPSS

CVE•added 2021/03/23 12:15 a.m.•302 views

CVE-2021-21348

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to occupy a thread that consumes maximum CPU time and will never return. No user is affected, who followed the recommendation to setup X...

7.8CVSS7.2AI score0.00265EPSS

CVE•added 2018/02/13 12:29 p.m.•80 views

CVE-2018-1297

When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

9.8CVSS9.2AI score0.24073EPSS

CVE•added 2019/03/06 5:29 p.m.•78 views

CVE-2019-0187

Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proceed with an attack using untrusted data deserialization. This only affect tests running in Distributed...

9.8CVSS9.3AI score0.0048EPSS

CVE•added 2018/02/14 2:29 p.m.•77 views

CVE-2018-1287

In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.

9.8CVSS9.2AI score0.01975EPSS