{"uuid": "d69d5bfc-e5a8-4c22-aad2-e91e286bbfa0", "vulnerability": {"vulnId": "CVE-2010-0738", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "d69d5bfc-e5a8-4c22-aad2-e91e286bbfa0"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Red Hat JBoss Authentication Bypass Vulnerability | Affected: Red Hat / JBoss | Description: The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-0738"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "JBoss", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Red Hat", "vulnerabilityName": "Red Hat JBoss Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2010-0738", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-0738"}]}