Lucene search

Veracode Vulnerability DatabaseVERACODE:23840

HistoryApr 10, 2020 - 12:37 a.m.

Arbitrary Code Execution

2020-04-1000:37:32

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

jboss is vulnerable to arbitrary code execution. The vulnerability exists through an XSS flaw was found in the JMX Console. An attacker could use this flaw to present misleading data to an authenticated user, or execute arbitrary scripting code in the context of the authenticated user’s browser session.

CPENameOperatorVersion
jacorbeq2.3.0__1jpp.ep1.1.el5.2
jacorbeq2.3.0__1jpp.ep1.5.el5
glassfish-jsfeq1.2_10__0jpp.ep1.5.ep5.el5
glassfish-jsfeq1.2_10__0jpp.ep1.5.ep5.el4
glassfish-jsfeq1.2_04__1.p02.0jpp.ep1.18.el5
quartzeq1.5.2__1jpp.ep1.5.el5
xml-securityeq1.3.0__1jpp.ep1.3.el5.2
hibernate3-annotationseq3.2.1__1.patch01.1jpp.ep1.3.el5
hibernate3-annotationseq3.2.1__1.patch02.1jpp.ep1.2.el5.1
hibernate3-annotationseq3.2.1__1.patch02.1jpp.ep1.2.el4

Name	Operator	Version
jacorb	eq	2.3.0__1jpp.ep1.1.el5.2
jacorb	eq	2.3.0__1jpp.ep1.5.el5
glassfish-jsf	eq	1.2_10__0jpp.ep1.5.ep5.el5
glassfish-jsf	eq	1.2_10__0jpp.ep1.5.ep5.el4
glassfish-jsf	eq	1.2_04__1.p02.0jpp.ep1.18.el5
quartz	eq	1.5.2__1jpp.ep1.5.el5
xml-security	eq	1.3.0__1jpp.ep1.3.el5.2
hibernate3-annotations	eq	3.2.1__1.patch01.1jpp.ep1.3.el5
hibernate3-annotations	eq	3.2.1__1.patch02.1jpp.ep1.2.el5.1
hibernate3-annotations	eq	3.2.1__1.patch02.1jpp.ep1.2.el4

Rows per page:

1-10 of 1201

References

secunia.com/advisories/37671

securitytracker.com/id?1023315

www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/

www.redhat.com/security/updates/classification/#moderate

www.securityfocus.com/bid/37276

access.redhat.com/errata/RHSA-2009:1636

access.redhat.com/errata/RHSA-2009:1637

access.redhat.com/errata/RHSA-2009:1649

access.redhat.com/errata/RHSA-2009:1650

access.redhat.com/security/cve/CVE-2009-1380

bugzilla.redhat.com/show_bug.cgi?id=511224

exchange.xforce.ibmcloud.com/vulnerabilities/54698

jira.jboss.org/jira/browse/JBPAPP-1983

rhn.redhat.com/errata/RHSA-2009-1636.html

rhn.redhat.com/errata/RHSA-2009-1637.html

rhn.redhat.com/errata/RHSA-2009-1649.html

rhn.redhat.com/errata/RHSA-2009-1650.html

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for VERACODE:23840