Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ApacheKaraf*

3 matches found

CVE
CVEadded 2022/01/26 11:15 a.m.125 views

CVE-2022-22932

Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf...

5.3CVSS5.5AI score0.00682EPSS
CVE
CVEadded 2022/01/26 11:15 a.m.98 views

CVE-2021-41766

Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated de...

8.1CVSS8.3AI score0.00335EPSS
CVE
CVEadded 2022/12/21 4:15 p.m.84 views

CVE-2022-40145

This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasourceuse InitialContext.lookup(jndiName) without filtering.An use...

9.8CVSS9.9AI score0.01584EPSS