2 matches found
CVE-2021-37578
Apache jUDDI prior to 3.3.10 exposed a deserialization-based remote code execution vector via RMI. The issue arises from Java serialization in RMI entries, potentially allowing remote code execution if exploited. RMI is disabled by default for jUDDI web services/clients, and starting with 3.3.10 ...
CVE-2009-1198
Summary (CVE-2009-1198) : An XSS vulnerability exists in Apache jUDDI before 2.0. The flaw allows remote attackers to inject arbitrary web script or HTML via the dsname parameter to the happyjuddi.jsp page. Affected software is Apache jUDDI prior to version 2.0. The vulnerability is browser-execu...