Jboss Middleware Text-only Advisories Security Vulnerabilities and Issues — Jboss Middleware Text-only Advisories CVE List

Lucene search

RedhatJboss Middleware Text-only Advisories

9 matches found

CVE•added 2016/06/07 2:6 p.m.•1164 views

CVE-2016-4437

Apache Shiro before 1.2.5, when a cipher key has not been configured for the "remember me" feature, allows remote attackers to execute arbitrary code or bypass intended access restrictions via an unspecified request parameter.

9.8CVSS8.3AI score0.94303EPSS

CVE•added 2024/04/17 2:15 p.m.•389 views

CVE-2024-1132

A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any...

8.1CVSS5.7AI score0.00177EPSS

CVE•added 2020/07/06 7:15 p.m.•211 views

CVE-2019-14900

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unautho...

6.5CVSS6.7AI score0.01446EPSS

CVE•added 2023/09/20 10:15 a.m.•174 views

CVE-2023-4853

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endp...

8.1CVSS7.6AI score0.00577EPSS

CVE•added 2023/09/11 9:15 p.m.•150 views

CVE-2022-1415

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.

8.8CVSS8.3AI score0.00632EPSS

CVE•added 2019/07/30 11:15 a.m.•142 views

CVE-2019-14439

A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.

7.5CVSS8.4AI score0.10318EPSS

CVE•added 2020/03/11 4:15 p.m.•106 views

CVE-2011-2487

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

5.9CVSS5.7AI score0.0014EPSS

CVE•added 2017/04/13 2:59 p.m.•89 views

CVE-2016-4970

handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).

7.8CVSS7.2AI score0.0823EPSS

CVE•added 2018/07/26 2:29 p.m.•87 views

CVE-2018-1288

In Apache Kafka 0.9.0.0 to 0.9.0.1, 0.10.0.0 to 0.10.2.1, 0.11.0.0 to 0.11.0.2, and 1.0.0, authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss.

5.5CVSS5.5AI score0.00932EPSS