Jboss Brms Security Vulnerabilities and Issues — Jboss Brms CVE List

Lucene search

RedhatJboss Brms

8 matches found

CVE•added 2019/01/02 6:29 p.m.•315 views

CVE-2018-19360

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

9.8CVSS8.8AI score0.06777EPSS

CVE•added 2019/01/02 6:29 p.m.•297 views

CVE-2018-19361

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

9.8CVSS8.8AI score0.04063EPSS

CVE•added 2019/03/21 4:0 p.m.•291 views

CVE-2018-12023

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to ma...

7.5CVSS8.4AI score0.049EPSS

CVE•added 2019/01/02 6:29 p.m.•179 views

CVE-2018-19362

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

9.8CVSS8.8AI score0.06777EPSS

CVE•added 2019/03/21 4:0 p.m.•143 views

CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDA...

7.5CVSS8.4AI score0.03093EPSS

CVE•added 2021/06/02 1:15 p.m.•127 views

CVE-2020-14340

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

5.9CVSS5.5AI score0.00344EPSS

CVE•added 2020/01/23 7:15 p.m.•59 views

CVE-2012-5626

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.

7.5CVSS7.5AI score0.00176EPSS

CVE•added 2018/09/10 4:29 p.m.•52 views

CVE-2016-7041

Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.

6.8CVSS6.4AI score0.01008EPSS