Jboss A-mq Security Vulnerabilities and Issues — Jboss A-mq CVE List

Lucene search

RedhatJboss A-mq

5 matches found

CVE•added 2023/10/10 2:15 p.m.•4479 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.9445EPSS

CVE•added 2021/12/14 12:15 p.m.•1133 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS

CVE•added 2022/09/13 2:15 p.m.•120 views

CVE-2022-1278

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.

7.5CVSS7.3AI score0.00761EPSS

CVE•added 2017/09/25 9:29 p.m.•70 views

CVE-2015-5183

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.

7.5CVSS8.3AI score0.00396EPSS

CVE•added 2018/08/01 2:29 p.m.•61 views

CVE-2016-8648

It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain d...

7.2CVSS7.3AI score0.00536EPSS