All the vulnerabilites related to redhat - jboss_operations_network
Vulnerability from fkie_nvd
Published
2019-10-03 14:15
Modified
2024-11-21 04:42
Severity ?
Summary
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4261428B-2380-4615-AD3E-F6A90255A568",
"versionEndExcluding": "3.3.11",
"versionStartExcluding": "3.2.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3."
},
{
"lang": "es",
"value": "Se detect\u00f3 que la correcci\u00f3n para CVE-2014-0114 hab\u00eda sido revertido en JBoss Operations Network 3 (JON). Este fallo permite a atacantes manipular las propiedades de ClassLoader en un servidor vulnerable. Las explotaciones publicadas se basan en las propiedades de ClassLoader que est\u00e1n expuestas, como las de JON 3. Informaci\u00f3n adicional puede ser encontrada en el art\u00edculo de la base de conocimiento de Red Hat: https://access.redhat.com/site/solutions/869353. Tenga en cuenta que mientras varios productos publicaron parches para el fallo original de CVE-2014-0114, la reversi\u00f3n descrita por este fallo de CVE-2019-3834 solo ocurri\u00f3 en JON 3."
}
],
"id": "CVE-2019-3834",
"lastModified": "2024-11-21T04:42:38.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-03T14:15:11.417",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-470"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-470"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-01-08 00:55
Modified
2024-11-21 01:29
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * | |
| redhat | jboss_operations_network | 2.0.0 | |
| redhat | jboss_operations_network | 2.0.1 | |
| redhat | jboss_operations_network | 2.1.0 | |
| redhat | jboss_operations_network | 2.2 | |
| redhat | jboss_operations_network | 2.3 | |
| redhat | jboss_operations_network | 2.3.1 | |
| redhat | jboss_operations_network | 2.4 | |
| rhq-project | rhq | 4.2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87E50BCC-4B27-43F7-8AB3-EC27297C4B2C",
"versionEndIncluding": "2.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29DC3CE-E782-47F7-BDF4-4AB63728F05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4A10F6-2128-4986-8A28-BD9B679D8380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B720DED-23EE-4830-9C8B-441A38DAE80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD44168-A91A-4043-8C34-7A20DC2C1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66926B59-4A4F-47B9-9B2B-3D8DC698BC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D72DFB62-EEA6-4126-9DC3-B191CC8D0CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DBE132-2A98-40C6-947F-50C1D06DDFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:rhq-project:rhq:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87A95053-2488-4515-95EB-6711BF8BBC63",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
},
{
"lang": "es",
"value": "Varias vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la interfaz de administraci\u00f3n de RHQ v4.2.0, tal y como se utiliza en JBoss Operations Network (tambi\u00e9n conocido como Jon o JBoss ON) antes de la versi\u00f3n v3.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2011-3206",
"lastModified": "2024-11-21T01:29:58.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-01-08T00:55:01.253",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47197"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47280"
},
{
"source": "secalert@redhat.com",
"url": "http://securitytracker.com/id?1026435"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47197"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/47280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1026435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734662"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-01 06:35
Modified
2024-11-21 01:32
Severity ?
Summary
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * | |
| redhat | jboss_operations_network | 1.0.0 | |
| redhat | jboss_operations_network | 2.0.0 | |
| redhat | jboss_operations_network | 2.0.1 | |
| redhat | jboss_operations_network | 2.1.0 | |
| redhat | jboss_operations_network | 2.2 | |
| redhat | jboss_operations_network | 2.3 | |
| redhat | jboss_operations_network | 2.3.1 | |
| redhat | jboss_operations_network | 2.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87E50BCC-4B27-43F7-8AB3-EC27297C4B2C",
"versionEndIncluding": "2.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1625FD-302E-457E-BDD1-977DE614CB47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29DC3CE-E782-47F7-BDF4-4AB63728F05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4A10F6-2128-4986-8A28-BD9B679D8380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B720DED-23EE-4830-9C8B-441A38DAE80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD44168-A91A-4043-8C34-7A20DC2C1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66926B59-4A4F-47B9-9B2B-3D8DC698BC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D72DFB62-EEA6-4126-9DC3-B191CC8D0CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DBE132-2A98-40C6-947F-50C1D06DDFB1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce \"modify resource\" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail."
},
{
"lang": "es",
"value": "Red Hat JBoss Operations Network (JON) anterior a 2.4.2 no fuerza debidamente permisos de modificar recurso para usuarios remotos autenticados cuando elimina una actualizaci\u00f3n de configuraci\u00f3n de plugin del historial de propiedades de conexi\u00f3n de grupo, lo que previene tales actividades de ser registradas en el registro de auditor\u00eda."
}
],
"id": "CVE-2011-4573",
"lastModified": "2024-11-21T01:32:34.713",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-01T06:35:52.497",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760024"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-04 22:15
Modified
2024-11-21 01:55
Severity ?
Summary
An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/cve-2013-4374 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4374 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2013-4374 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4374 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | rhq_mongo_db_drift_server | * | |
| redhat | jboss_operations_network | 3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:rhq_mongo_db_drift_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D17D590-775D-418D-B12E-70F584ADFC41",
"versionEndIncluding": "2013-09-25",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFFA4B2-1562-48E0-A598-3C1F8973FDF1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de archivo temporal de inseguridad en RHQ Mongo DB Drift Server hasta el 25-09-2013 cuando se descomprimen archivos comprimidos."
}
],
"id": "CVE-2013-4374",
"lastModified": "2024-11-21T01:55:26.890",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-04T22:15:10.903",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4374"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4374"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4374"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-668"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-07 19:28
Modified
2024-11-21 02:54
Severity ?
Summary
The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2016-1785.html | Patch, Vendor Advisory | |
| secalert@redhat.com | http://www.securityfocus.com/bid/92722 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2016-1785.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92722 | Third Party Advisory, VDB Entry |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "522D28A2-D89E-41E8-A1A8-3577C86C773B",
"versionEndIncluding": "3.3.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request."
},
{
"lang": "es",
"value": "La consola web en Red Hat JBoss Operations Network (JON) en versiones anteriores a 3.3.7 no autoriza adecuadamente peticiones para agregar usuarios con el rol de superusuario, lo que permite a usuarios remotos autenticados obtener privilegios de administrador a trav\u00e9s de una petici\u00f3n POST manipulada."
}
],
"id": "CVE-2016-5422",
"lastModified": "2024-11-21T02:54:16.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-07T19:28:03.737",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1785.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92722"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1785.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/92722"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-24 03:48
Modified
2024-11-21 01:55
Severity ?
Summary
The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | 3.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F57B34F5-66CD-4051-8406-54709C39572F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files."
},
{
"lang": "es",
"value": "El m\u00e9todo storeFiles en JPADriftServerBean en Red Hat JBoss Operations Network (JON) 3.1.2 permite a usuarios locales cargar archivos drift arbitrarios en el servidor escribiendo los archivos al directorio temporal que es utilizado para descomprimir archivos zip."
}
],
"id": "CVE-2013-4373",
"lastModified": "2024-11-21T01:55:26.787",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.2,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.1,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-24T03:48:48.830",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011824"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88179"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88179"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-24 03:48
Modified
2024-11-21 01:55
Severity ?
Summary
The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | 3.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F57B34F5-66CD-4051-8406-54709C39572F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files."
},
{
"lang": "es",
"value": "El servidor en Red Hat JBoss Operations Network (JON) 3.1.2 loguea contrase\u00f1as en texto plano, lo que permite a usuarios locales obtener informaci\u00f3 sensible leyendo los archivos de log."
}
],
"id": "CVE-2013-4293",
"lastModified": "2024-11-21T01:55:17.693",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-24T03:48:46.487",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002853"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002853"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-11-09 17:29
Modified
2024-11-21 02:36
Severity ?
Summary
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | data_grid | 6.0.0 | |
| redhat | jboss_a-mq | 6.0.0 | |
| redhat | jboss_bpm_suite | 6.0.0 | |
| redhat | jboss_data_virtualization | 5.0.0 | |
| redhat | jboss_data_virtualization | 6.0.0 | |
| redhat | jboss_enterprise_application_platform | 4.3.0 | |
| redhat | jboss_enterprise_application_platform | 5.0.0 | |
| redhat | jboss_enterprise_application_platform | 6.0.0 | |
| redhat | jboss_enterprise_brms_platform | 5.0.0 | |
| redhat | jboss_enterprise_brms_platform | 6.0.0 | |
| redhat | jboss_enterprise_soa_platform | 5.0.0 | |
| redhat | jboss_enterprise_web_server | 3.0.0 | |
| redhat | jboss_fuse | 6.0.0 | |
| redhat | jboss_fuse_service_works | 6.0 | |
| redhat | jboss_operations_network | 3.0 | |
| redhat | jboss_portal | 6.0.0 | |
| redhat | openshift | 3.0 | |
| redhat | subscription_asset_manager | 1.3.0 | |
| redhat | xpaas | 3.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:data_grid:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D90858CA-996D-4A07-A57A-5E228BBED442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C4404A-CFB7-4B47-9487-F998825C31CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_bpm_suite:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7750C45E-4D02-45D5-A3AA-CF024C20AC8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_virtualization:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3257F51A-C847-4251-8B1B-D8DEF11677A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CDDAFDB-E67A-4795-B2C4-C2D31734ABC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDC2527-97FE-409D-8DD6-78E085CC73C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0930C5-C483-414C-879D-029FDE8251C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB8FED0-E0C6-409C-A2D8-B3999265D545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E2F2F98-DB90-43F6-8F28-3656207B6188",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A305F012-544E-4245-9D69-1C8CD37748B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B78438D-1321-4BF4-AEB1-DAF60D589530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C077D692-150C-4AE9-8C0B-7A3EA5EB1100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_portal:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5C01A82-F078-4D08-93D0-6318272D3D8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift:3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "45690263-84D9-45A1-8C30-3ED2F0F11F47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:subscription_asset_manager:1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6047BC2A-5EDB-458F-BBDB-38C0C3CF4E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:xpaas:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F58B1F3C-C27D-4387-9164-C3E2E0960A2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library."
},
{
"lang": "es",
"value": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x y 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x y 5.x; Enterprise Application Platform 6.x, 5.x y 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x y Red Hat Subscription Asset Manager 1.3 permiten que atacantes remotos ejecuten comandos arbitrarios mediante un objeto Java serializado manipulado. Esto est\u00e1 relacionado con la librer\u00eda ACC (Apache Commons Collections)."
}
],
"id": "CVE-2015-7501",
"lastModified": "2024-11-21T02:36:53.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-09T17:29:00.203",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/78215"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034097"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037052"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037053"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/2059393"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/solutions/2045023"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"source": "secalert@redhat.com",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
},
{
"source": "secalert@redhat.com",
"url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
},
{
"source": "secalert@redhat.com",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/78215"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037052"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037053"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/vulnerabilities/2059393"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/solutions/2045023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-06-02 13:15
Modified
2024-11-21 05:03
Severity ?
Summary
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1860218 | Issue Tracking, Vendor Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1860218 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | xnio | * | |
| redhat | xnio | * | |
| redhat | xnio | 3.6.0 | |
| redhat | xnio | 3.6.0 | |
| redhat | jboss_brms | 5 | |
| redhat | jboss_brms | 6 | |
| redhat | jboss_data_grid | 6.0.0 | |
| redhat | jboss_data_grid | 7.0.0 | |
| redhat | jboss_data_virtualization | 6.0.0 | |
| redhat | jboss_enterprise_application_platform | 5.0.0 | |
| redhat | jboss_enterprise_application_platform | 6.0.0 | |
| redhat | jboss_fuse | 6.0.0 | |
| redhat | jboss_fuse | 7.0.0 | |
| redhat | jboss_operations_network | 3.0 | |
| redhat | jboss_soa_platform | 5 | |
| oracle | communications_cloud_native_core_console | 1.9.0 | |
| oracle | communications_cloud_native_core_network_repository_function | 1.14.0 | |
| oracle | communications_cloud_native_core_policy | 1.14.0 | |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.15.0 | |
| oracle | communications_cloud_native_core_service_communication_proxy | 1.14.0 | |
| oracle | communications_cloud_native_core_unified_data_repository | 1.14.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51EE6E12-A43A-4F53-9750-35D8BDF16100",
"versionEndExcluding": "3.7.9",
"versionStartIncluding": "3.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5A1F231-972E-455F-8BA0-06627A715061",
"versionEndExcluding": "3.8.2",
"versionStartIncluding": "3.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:xnio:3.6.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "80259D1A-EC7A-4C72-A193-4E9F594BC1BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:xnio:3.6.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "2167DBAE-1F20-4B41-8D98-A3FAFDCBB510",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_brms:5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5157F3-B74D-4066-AB34-8B42BBEB9C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_brms:6:*:*:*:*:*:*:*",
"matchCriteriaId": "38DD6591-DB2A-4A1C-800B-D6C32C5D3065",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_grid:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "372F543C-1516-4F17-B4B7-A67B7CAD6966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "AB9104FA-3448-43E0-BED9-BAF7D06054E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A305F012-544E-4245-9D69-1C8CD37748B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C077D692-150C-4AE9-8C0B-7A3EA5EB1100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_soa_platform:5:*:*:*:*:*:*:*",
"matchCriteriaId": "44D5DDAE-5519-4E9D-8DD0-D56E4E034F26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E463039-5E48-4AA0-A42B-081053FA0111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A442DA9E-FF9A-4C51-9D3E-68D09C8BB472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A276784-877B-4A29-A8F1-70518A438A9A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final."
},
{
"lang": "es",
"value": "Se detect\u00f3 una vulnerabilidad en XNIO en la que se produce un filtrado de descriptores de archivos causada por el crecimiento de la cantidad de manejadores de archivos NIO Selector entre los ciclos de recolecci\u00f3n de basura. Puede permitir al atacante causar una denegaci\u00f3n de servicio. Afecta a XNIO versiones 3.6.0.Beta1 hasta 3.8.1.Final"
}
],
"id": "CVE-2020-14340",
"lastModified": "2024-11-21T05:03:02.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-06-02T13:15:08.083",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-400"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-08-02 14:59
Modified
2024-11-21 02:50
Severity ?
Summary
The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "98E4BA80-A3A4-4284-9BC4-E8AFB17802D5",
"versionEndIncluding": "3.3.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization."
},
{
"lang": "es",
"value": "El servidor en Red Hat JBoss Operations Network (JON) en versiones anteriores a 3.3.6 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a traves una petici\u00f3n HTTP manipulada, relacionado con deserializaci\u00f3n de mensaje."
}
],
"id": "CVE-2016-3737",
"lastModified": "2024-11-21T02:50:36.420",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-08-02T14:59:01.537",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1036507"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333618"
},
{
"source": "secalert@redhat.com",
"url": "https://www.tenable.com/security/research/tra-2016-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1036507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333618"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/research/tra-2016-22"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-11-08 00:15
Modified
2024-11-21 00:53
Severity ?
Summary
In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/cve-2008-5083 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5083 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2008-5083 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5083 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * | |
| redhat | jboss_operations_network | 2.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F43AEF41-312E-42F0-97E6-218E8625AA2A",
"versionEndExcluding": "2.1.2",
"versionStartIncluding": "2.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.1.2:-:*:*:*:*:*:*",
"matchCriteriaId": "8C42C656-0779-4675-88DB-4B6B392B6E30",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON."
},
{
"lang": "es",
"value": "En JON versiones 2.1.x anteriores a 2.1.2 SP1, los usuarios pueden obtener informaci\u00f3n de seguridad no autorizada sobre recursos privados administrados por JBoss ON."
}
],
"id": "CVE-2008-5083",
"lastModified": "2024-11-21T00:53:14.947",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-08T00:15:10.117",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2008-5083"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2008-5083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5083"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-14 15:55
Modified
2024-11-21 01:34
Severity ?
Summary
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * | |
| redhat | jboss_operations_network | 2.0.0 | |
| redhat | jboss_operations_network | 2.0.1 | |
| redhat | jboss_operations_network | 2.1.0 | |
| redhat | jboss_operations_network | 2.2 | |
| redhat | jboss_operations_network | 2.3 | |
| redhat | jboss_operations_network | 2.3.1 | |
| redhat | jboss_operations_network | 2.4 | |
| redhat | jboss_operations_network | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87E50BCC-4B27-43F7-8AB3-EC27297C4B2C",
"versionEndIncluding": "2.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29DC3CE-E782-47F7-BDF4-4AB63728F05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4A10F6-2128-4986-8A28-BD9B679D8380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B720DED-23EE-4830-9C8B-441A38DAE80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD44168-A91A-4043-8C34-7A20DC2C1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66926B59-4A4F-47B9-9B2B-3D8DC698BC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D72DFB62-EEA6-4126-9DC3-B191CC8D0CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DBE132-2A98-40C6-947F-50C1D06DDFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C077D692-150C-4AE9-8C0B-7A3EA5EB1100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name."
},
{
"lang": "es",
"value": "Red Hat JBoss Operations Network (JON) anterior a 2.4.2 y 3.0.x anterior a 3.0.1 no comprueba la clave del agente JON, lo que permite a atacantes remotos falsificar la identidad de agentes arbitrarios a trav\u00e9s del nombre del agente registrado."
}
],
"id": "CVE-2012-0052",
"lastModified": "2024-11-21T01:34:17.643",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-14T15:55:04.750",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=781964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=781964"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2019-10-30 23:15
Modified
2024-11-21 01:12
Severity ?
Summary
A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737 | Issue Tracking, Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB89E6F0-2E7F-408F-804F-F55B6551C24E",
"versionEndExcluding": "2.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user."
},
{
"lang": "es",
"value": "Se detect\u00f3 una falta de comprobaci\u00f3n de permiso en la CLI en JBoss Operations Network versiones anteriores a 2.3.1, no comprueba apropiadamente los permisos, lo que permite a usuarios de JBoss ON llevar a cabo tareas de administraci\u00f3n y cambios de configuraci\u00f3n con los privilegios del usuario administrador."
}
],
"id": "CVE-2010-0737",
"lastModified": "2024-11-21T01:12:51.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-30T23:15:09.877",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-07-23 11:03
Modified
2024-11-21 01:51
Severity ?
Summary
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp10:*:*:*:*:*:*",
"matchCriteriaId": "424C0428-6E78-42B2-B77A-921116528D06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "76D8FCD1-55D5-4187-87DD-39904EDE2EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "972C5C87-E982-44A5-866D-FDEACB5203B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C13890AE-5FDE-4698-8A2E-1B2FA0A313AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8A785F07-9B76-4153-B676-29C9682B2F73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46849C8D-36E9-4E97-BB49-E04F4EB199E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9CDC2527-97FE-409D-8DD6-78E085CC73C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41B77A70-95E1-4333-90E4-8056389EEE92",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB18D40-E8EA-4EB7-A25D-15CE6B65E21F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E911B601-2A14-4C23-81FF-689DBDB79626",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DECC247-477B-4AB3-9FD4-B7B6726A728D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C70B67DF-8122-40D6-9301-B1DD31D71F55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6B1CE36-5131-425D-90BD-FC597F27B3E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp03:*:*:*:*:*:*",
"matchCriteriaId": "8F570DE3-8759-44F9-B515-71889139A443",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp04:*:*:*:*:*:*",
"matchCriteriaId": "B5FED015-A1E5-4CDC-9E99-97FA0ED2454D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp05:*:*:*:*:*:*",
"matchCriteriaId": "D20B3197-3BB8-427B-8B92-D53B200A235A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp06:*:*:*:*:*:*",
"matchCriteriaId": "A87344DF-9FA8-40B6-98B2-A43FB86BBB6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*",
"matchCriteriaId": "C9C9C8B4-693E-4777-BC31-5933147DFC54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3221242F-802E-418B-BC9D-CFA200D99171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5472541F-ED83-4656-AE18-1642F571D294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97165B18-1078-4215-94DA-0B6C4228056E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A62117F2-5513-4998-8FDC-64564BBD00EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D66D2843-0273-4A3A-A9D1-48BBB15031B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6572BFDD-0A35-48CC-99A1-2BDE27BABB62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3451D2AD-BB7B-4149-97C3-2DB1BCC0EF85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDEABE3E-DC3E-4B98-8433-4308BBEE6F26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp01:*:*:*:*:*:*",
"matchCriteriaId": "70942A41-9089-4313-8B00-5CB92518A349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp02:*:*:*:*:*:*",
"matchCriteriaId": "093F7EA4-B190-49A5-AF55-42D4F960EEFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp03:*:*:*:*:*:*",
"matchCriteriaId": "75CBF063-6986-4217-BC8E-661B5167AB2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp04:*:*:*:*:*:*",
"matchCriteriaId": "3F6528B6-1147-4366-8F81-8B380903EAA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*",
"matchCriteriaId": "4EF1898E-1A25-442B-865F-1C27B9E5F0D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:tp02:*:*:*:*:*:*",
"matchCriteriaId": "92953D9C-8FF0-4499-A4A4-3B05696D326E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C57B8004-AF15-4F0F-B9FA-A3CFF7BD42DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp01:*:*:*:*:*:*",
"matchCriteriaId": "66F4FC45-CF67-44E4-96CA-31B537151C7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp02:*:*:*:*:*:*",
"matchCriteriaId": "E7CF5F63-C7A8-4787-9620-F5B76A9F0F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp03:*:*:*:*:*:*",
"matchCriteriaId": "9BCA6581-3C94-4B1B-B30F-E0B854A68968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp04:*:*:*:*:*:*",
"matchCriteriaId": "23F0650B-C39D-4C7D-8BB9-BBA951BA8AAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*",
"matchCriteriaId": "67BD448A-745D-4387-ABC8-A18DF142574D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFB8FED0-E0C6-409C-A2D8-B3999265D545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC497FD-503A-463B-A75E-9C4B9B716521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F224EE-A5A1-490B-91A5-0196B4168F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2B72D56E-DE3C-4383-906D-F3DCD9D09CC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "55661526-BC23-4853-BF6C-E1899D747EC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "118B3D27-8BF7-48ED-9D22-564B7D515610",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD4700B-4C95-426E-ADF6-D165BB3E6F85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93B87581-F441-4A93-B797-337B7572CC08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC20F443-4918-46D2-8251-1C8F072B7733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F20B8708-8EC6-4B0E-9693-131F91A4FC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C534793-58E0-45B9-84D7-D21E1C4C9F7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38F66D5B-F906-437E-977E-F9F930648886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC1625FD-302E-457E-BDD1-977DE614CB47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29DC3CE-E782-47F7-BDF4-4AB63728F05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4A10F6-2128-4986-8A28-BD9B679D8380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B720DED-23EE-4830-9C8B-441A38DAE80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD44168-A91A-4043-8C34-7A20DC2C1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66926B59-4A4F-47B9-9B2B-3D8DC698BC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D72DFB62-EEA6-4126-9DC3-B191CC8D0CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DBE132-2A98-40C6-947F-50C1D06DDFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "18EB42B1-D507-4B48-B835-C87AC5CC3650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "376C608B-645D-4560-8A7E-4154DCFD2B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C077D692-150C-4AE9-8C0B-7A3EA5EB1100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE5BA7D-BEFA-474C-BBD3-4C22F1283182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFFA4B2-1562-48E0-A598-3C1F8973FDF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "495496C9-8CFE-431D-84EB-1C94B7C74E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F57B34F5-66CD-4051-8406-54709C39572F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E43C0ED7-47AA-474B-B1E8-D5358EA40A41",
"versionEndIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69A1DC5C-28D4-4C03-9B4D-EB474714B530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0043DABE-2CF1-46FA-BC11-058EF8800D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6EA16184-345B-47C0-B5C2-2FC47E7BCD87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "910ABBBA-7FAC-4512-801C-3FDB5D7584D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_web_framework_kit:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "30B541A7-C0DC-4650-9C58-22E4FB14C213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7714AE54-6EA9-4FF0-995A-EAE7C9EC90A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF339098-BFB5-4795-84D0-1D4E3CA291C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1D36E4-44D9-4BCB-A5BB-6F9411A1EF02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E459D64B-4427-45D4-9AD8-27322D472AA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BECB4A09-BF7E-4314-9DFA-FB093FD1035F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FA0C4149-1B58-44B4-8A4C-694EC46357B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "597510CA-20F6-4BFB-B674-BA2E54510D70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5E67C14B-9CAB-401F-9B8E-367DABC8B403",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.2.0:sr1:*:*:*:*:*:*",
"matchCriteriaId": "CC999E61-A1E7-434F-89C5-D65150FFD3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FDDF3150-DB24-45B5-8AE4-E1389BFC7D9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C460B1D-6C7D-40B8-8F23-192CCEB68948",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6A03D84C-BB68-4564-97F7-8CD326D86B4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7E2B5531-406B-47EA-A61F-2D3DD07E5BE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2FE027-BF63-4EC9-B743-C7A805A65FCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.3.2:sr1:*:*:*:*:*:*",
"matchCriteriaId": "66F0B040-84E3-44B4-ACE4-0BC9366C064E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FD902B25-B15E-463E-8DF0-7DD0889A2B00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E27F9EFE-D7CA-46A0-99B2-F4FDE622A9CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4A438EF-E450-49DE-B745-3F8034C715DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:4.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7201416F-1CAC-431E-93A8-74FBB708CC53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E9C9F20-702E-4943-9AE9-D419BFFFBC45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:4.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8E7B1BC4-71B6-4F46-927F-E537A1688CD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:4.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "730FB8DB-5116-4BF2-9348-F280ACF3D197",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:4.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B82F2B98-5B8B-4BA0-912C-0C6C6B5393DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "986311E6-C44C-4DFF-A74B-1501DFB9B5A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:4.5.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "4D6E0C8B-8901-47F9-A96E-645BE5037666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:richfaces:5.0.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "8DA147D3-F295-4DBD-87AD-40C7F9B00C8F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data."
},
{
"lang": "es",
"value": "ResourceBuilderImpl.java en la implementaci\u00f3n de RichFaces 3.x a 5.x en la implementaci\u00f3n de Red Hat JBoss Web Framework Kit anterior a 2.3.0, Red Hat JBoss Web Platform a 5.2.0, Red Hat JBoss Enterprise Application Platform a 4.3.0 CP10 y 5.x a la 5.2.0, Red Hat JBoss BRMS hasta la 5.3.1, Red Hat JBoss SOA Platform hasta la 4.3.0 CP05 y 5.x hasta la 5.3.1, Red Hat JBoss Portal hasta la 4.3 CP07 y 5.x hasta 5.2.2, y Red Hat JBoss Operations Network hasta 2.4.2 y 3.x hasta la 3.1.2, no restringe las clases para la deserializaci\u00f3n de los m\u00e9todos que pueden ser invocados, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de datos serializados."
}
],
"evaluatorComment": "Per: http://www.bleathem.ca/blog/2013/07/richfaces-CVE-2013-2165.html\n\n\"Download RichFaces 3.3.4.Final or RichFaces 4.3.3.Final and use them in your applications to protect yourself from this vulnerability.\"",
"id": "CVE-2013-2165",
"lastModified": "2024-11-21T01:51:10.207",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-07-23T11:03:11.980",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN38787103/index.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072"
},
{
"source": "secalert@redhat.com",
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1041.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1042.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1043.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1044.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1045.html"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/fulldisclosure/2020/Mar/21"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2013-2165"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=973570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvn.jp/en/jp/JVN38787103/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1042.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1043.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1044.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1045.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2020/Mar/21"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/CVE-2013-2165"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=973570"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-01-23 19:15
Modified
2024-11-21 01:44
Severity ?
Summary
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | https://access.redhat.com/security/cve/cve-2012-5626 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626 | Issue Tracking, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/cve-2012-5626 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626 | Issue Tracking, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_brms | 5 | |
| redhat | jboss_enterprise_application_platform | 5.0.0 | |
| redhat | jboss_enterprise_web_server | 1.0.0 | |
| redhat | jboss_operations_network | 3.1 | |
| redhat | jboss_portal | 4.0.0 | |
| redhat | jboss_portal | 5.0.0 | |
| redhat | jboss_soa_platform | 4.2 | |
| redhat | jboss_soa_platform | 4.3 | |
| redhat | jboss_soa_platform | 5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_brms:5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5157F3-B74D-4066-AB34-8B42BBEB9C7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "14259BF1-3601-4BF1-A591-FC4DE1639C57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFFA4B2-1562-48E0-A598-3C1F8973FDF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_portal:4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F5B50AB8-E325-46FB-B0AF-76667CB2B7D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_portal:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D84C9125-611F-42AB-88CE-1A09E7FDCD6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_soa_platform:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A59BF53C-DD78-4515-9461-4F8ED01811C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_soa_platform:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4F556928-E3AD-40FE-9526-BEAB49AA1F0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_soa_platform:5:*:*:*:*:*:*:*",
"matchCriteriaId": "44D5DDAE-5519-4E9D-8DD0-D56E4E034F26",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation."
},
{
"lang": "es",
"value": "El m\u00e9todo EJB en Red Hat JBoss BRMS versi\u00f3n 5; Red Hat JBoss Enterprise Application Platform versi\u00f3n 5; Red Hat JBoss Operations Network versi\u00f3n 3.1; Red Hat JBoss Portal versiones 4 y 5; Red Hat JBoss SOA Platform versiones 4.2, 4.3 y 5; en Red Hat JBoss Enterprise Web Server versi\u00f3n 1, ignora los roles especificados usando la anotaci\u00f3n @RunAs."
}
],
"id": "CVE-2012-5626",
"lastModified": "2024-11-21T01:44:59.927",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-01-23T19:15:11.250",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2012-5626"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2012-5626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2016-09-27 15:59
Modified
2024-11-21 02:55
Severity ?
Summary
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.securityfocus.com/bid/92568 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=1368864 | Issue Tracking, Mitigation, Vendor Advisory | |
| secalert@redhat.com | https://www.tenable.com/security/research/tra-2016-22 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92568 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1368864 | Issue Tracking, Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/security/research/tra-2016-22 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | 3.0 | |
| redhat | jboss_operations_network | 3.0.1 | |
| redhat | jboss_operations_network | 3.1 | |
| redhat | jboss_operations_network | 3.1.1 | |
| redhat | jboss_operations_network | 3.1.2 | |
| redhat | jboss_operations_network | 3.1.4 | |
| redhat | jboss_operations_network | 3.2.0 | |
| redhat | jboss_operations_network | 3.2.1 | |
| redhat | jboss_operations_network | 3.2.2 | |
| redhat | jboss_operations_network | 3.2.3 | |
| redhat | jboss_operations_network | 3.3.1 | |
| redhat | jboss_operations_network | 3.3.2 | |
| redhat | jboss_operations_network | 3.3.3 | |
| redhat | jboss_operations_network | 3.3.4 | |
| redhat | jboss_operations_network | 3.3.5 | |
| redhat | jboss_operations_network | 3.3.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C077D692-150C-4AE9-8C0B-7A3EA5EB1100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE5BA7D-BEFA-474C-BBD3-4C22F1283182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4EFFA4B2-1562-48E0-A598-3C1F8973FDF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "495496C9-8CFE-431D-84EB-1C94B7C74E82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F57B34F5-66CD-4051-8406-54709C39572F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1B302147-A832-4AA0-A662-1C64621DCD81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E46F0C85-B727-4346-B3E6-49227A4E370B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AD668F66-5C36-4203-BAD9-6F353B818CBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB1830AE-5093-4218-B131-ED5E332165CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1354A99D-1CA5-462E-B292-2C0B12250570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89C680ED-9ACF-4B3E-BE2C-5C47DE6DC30D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "90796C3B-F278-41E0-A706-7BB33D09328F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "33D7B012-CB65-4DA0-814F-53E7F4A268C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F10109E8-7A17-496A-B914-7E202E35AB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "070A2CF9-370D-4A0F-A2D1-13E1F0FC84B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "26DA7A0D-2B06-465C-81BA-B6451C57A741",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737."
},
{
"lang": "es",
"value": "El servidor en Red Hat JBoss Operations Network (JON), cuando la autenticaci\u00f3n SSL no est\u00e1 configurada para comunicaci\u00f3n de agente servidor JON, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de una petici\u00f3n HTTP manipulada, relacionado con deserializaci\u00f3n de mensajes. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2016-3737."
}
],
"id": "CVE-2016-6330",
"lastModified": "2024-11-21T02:55:54.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-09-27T15:59:06.923",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/92568"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368864"
},
{
"source": "secalert@redhat.com",
"url": "https://www.tenable.com/security/research/tra-2016-22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/92568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.tenable.com/security/research/tra-2016-22"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-12-24 19:55
Modified
2024-11-21 01:55
Severity ?
Summary
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | 3.1.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F57B34F5-66CD-4051-8406-54709C39572F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files."
},
{
"lang": "es",
"value": "Red Hat JBoss Operations Network 3.1.2 utiliza permisos de lectura globales para ficheros de configuraci\u00f3n de (1) servidor y (2) agente, lo cual permite a usuarios locales obtener credenciales de autenticaci\u00f3n y otra informaci\u00f3n sensible no especificada mediante la lectura de dichos ficheros."
}
],
"id": "CVE-2013-4452",
"lastModified": "2024-11-21T01:55:35.820",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-12-24T19:55:07.130",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1762.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55852"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/63916"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1029390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1762.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/55852"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/63916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1029390"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-14 15:55
Modified
2024-11-21 01:34
Severity ?
Summary
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * | |
| redhat | jboss_operations_network | 2.0.0 | |
| redhat | jboss_operations_network | 2.0.1 | |
| redhat | jboss_operations_network | 2.1.0 | |
| redhat | jboss_operations_network | 2.2 | |
| redhat | jboss_operations_network | 2.3 | |
| redhat | jboss_operations_network | 2.3.1 | |
| redhat | jboss_operations_network | 2.4 | |
| redhat | jboss_operations_network | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87E50BCC-4B27-43F7-8AB3-EC27297C4B2C",
"versionEndIncluding": "2.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29DC3CE-E782-47F7-BDF4-4AB63728F05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4A10F6-2128-4986-8A28-BD9B679D8380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B720DED-23EE-4830-9C8B-441A38DAE80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD44168-A91A-4043-8C34-7A20DC2C1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66926B59-4A4F-47B9-9B2B-3D8DC698BC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D72DFB62-EEA6-4126-9DC3-B191CC8D0CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DBE132-2A98-40C6-947F-50C1D06DDFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C077D692-150C-4AE9-8C0B-7A3EA5EB1100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token."
},
{
"lang": "es",
"value": "Red Hat JBoss Operations Network (JON) anterior a 2.4.2 y 3.0.x anterior a 3.0.1 permite a atacantes remotos secuestrar sesiones de agente a trav\u00e9s de una solicitud de registro de agente sin un token de seguridad."
}
],
"id": "CVE-2012-0062",
"lastModified": "2024-11-21T01:34:18.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-14T15:55:04.783",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783008"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783008"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-02-13 15:59
Modified
2024-11-21 02:18
Severity ?
Summary
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | 3.3.1 | |
| redhat | jboss_enterprise_application_platform | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89C680ED-9ACF-4B3E-BE2C-5C47DE6DC30D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AC9D55-C1C7-4BAB-8D1E-F2413B19FA4C",
"versionEndIncluding": "6.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute."
},
{
"lang": "es",
"value": "El subsistema JBoss Application Server (WildFly) JacORB en Red Hat JBoss Enterprise Application Platform (EAP) anterior a 6.3.3 no asigna correctamente la configuraci\u00f3n de la sensibilidad de las referencias a vinculaciones de sockets al atributo del dominio de seguridad, lo que permite a usuarios remotos autenticados obtener informaci\u00f3n sensible mediante el aprovechamiento del acceso al atributo del dominio de seguridad."
}
],
"id": "CVE-2014-7853",
"lastModified": "2024-11-21T02:18:08.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-02-13T15:59:06.260",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0215.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0216.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0217.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0218.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0920.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1031741"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0215.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0216.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0217.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0218.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0920.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1031741"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100891"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-08-11 14:59
Modified
2024-11-21 02:29
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43F32DCA-99BD-474F-88D7-4383FDB936EB",
"versionEndIncluding": "3.3.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la p\u00e1gina de error 404 en Red Hat JBoss Operations Network en versiones anteriores a 3.3.3, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de una URL manipulada."
}
],
"id": "CVE-2015-3267",
"lastModified": "2024-11-21T02:29:02.230",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2015-08-11T14:59:08.133",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1525.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/76335"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1033136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1525.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/76335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1033136"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-02-14 15:55
Modified
2024-11-21 01:36
Severity ?
Summary
Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * | |
| redhat | jboss_operations_network | 2.0.0 | |
| redhat | jboss_operations_network | 2.0.1 | |
| redhat | jboss_operations_network | 2.1.0 | |
| redhat | jboss_operations_network | 2.2 | |
| redhat | jboss_operations_network | 2.3 | |
| redhat | jboss_operations_network | 2.3.1 | |
| redhat | jboss_operations_network | 2.4 | |
| redhat | jboss_operations_network | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "87E50BCC-4B27-43F7-8AB3-EC27297C4B2C",
"versionEndIncluding": "2.4.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D29DC3CE-E782-47F7-BDF4-4AB63728F05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF4A10F6-2128-4986-8A28-BD9B679D8380",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B720DED-23EE-4830-9C8B-441A38DAE80E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0FD44168-A91A-4043-8C34-7A20DC2C1A19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "66926B59-4A4F-47B9-9B2B-3D8DC698BC97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D72DFB62-EEA6-4126-9DC3-B191CC8D0CA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B8DBE132-2A98-40C6-947F-50C1D06DDFB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C077D692-150C-4AE9-8C0B-7A3EA5EB1100",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request."
},
{
"lang": "es",
"value": "Red Hat JBoss Operations Network (JON) 3.0.x anterior a 3.0.1, 2.4.2 y anteriores, cuando la autenticaci\u00f3n LDAP est\u00e1 habilitada y las credenciales de la cuenta LDAP bind no son v\u00e1lidos, permite a atacantes remotos iniciar una sesi\u00f3n en cuentas basadas en LDAP a trav\u00e9s de una contrase\u00f1a arbitraria en una solicitud de inicio de sesi\u00f3n."
}
],
"id": "CVE-2012-1100",
"lastModified": "2024-11-21T01:36:25.240",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-02-14T15:55:04.813",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0396.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0396.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799789"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-04-01 06:35
Modified
2024-11-21 01:34
Severity ?
Summary
Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15617BD3-9C4E-451B-92B4-BCE693E4630A",
"versionEndIncluding": "3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials."
},
{
"lang": "es",
"value": "Red Hat JBoss Operations Network (JON) anterior a 3.0.1 utiliza permisos 0777 para el directorio root cuando instala un cliente remoto, lo que permite a usuarios locales leer o modificar subdirectorios y archivos dentro del directorio root, como fue demostrado obteniendo credenciales JON."
}
],
"id": "CVE-2012-0032",
"lastModified": "2024-11-21T01:34:15.087",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-04-01T06:35:52.530",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772514"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-14 12:15
Modified
2024-11-21 06:36
Severity ?
Summary
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:log4j:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2954BDA9-F03D-44AC-A9EA-3E89036EEFA8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:codeready_studio:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BAF877F-B8D5-4313-AC5C-26BB82006B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B87C8AD3-8878-4546-86C2-BF411876648C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F039C746-2001-4EE5-835F-49607A94F12B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_a-mq:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33C4404A-CFB7-4B47-9487-F998825C31CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_a-mq:7:*:*:*:*:*:*:*",
"matchCriteriaId": "A58966CB-36AF-4E64-AB39-BE3A0753E155",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_a-mq_streaming:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7257E5-B4A7-4299-8FE1-A94121E47528",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5CDDAFDB-E67A-4795-B2C4-C2D31734ABC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88BF3B2C-B121-483A-AEF2-8082F6DA5310",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A305F012-544E-4245-9D69-1C8CD37748B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_fuse_service_works:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B78438D-1321-4BF4-AEB1-DAF60D589530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C077D692-150C-4AE9-8C0B-7A3EA5EB1100",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:jboss_web_server:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54EB07A0-FB38-4F17-9C8D-DB629967F07B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A33441B3-B301-426C-A976-08CE5FE72EFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6B62E762-2878-455A-93C9-A5DB430D7BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "14CF53D2-B585-4EA5-8F18-21BC9ECBB4B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "91B493F0-5542-49F7-AAAE-E6CA6E468D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:process_automation:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "20A6B40D-F991-4712-8E30-5FE008505CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:single_sign-on:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFEC7CA-8DDA-48A6-A7B6-1F1D14792890",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
"matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A62E2A25-1AD7-4B4B-9D1B-F0DEA4550557",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:advanced_supply_chain_planning:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0331158C-BBE0-42DB-8180-EB1FCD290567",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28CDCE04-B074-4D7A-B6E4-48193458C9A0",
"versionEndExcluding": "12.0.0.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite_cloud_manager_and_cloud_backup_module:2.2.1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6ED0EE39-C080-4E75-AE0F-3859B57EF851",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "054B56E0-F11B-4939-B7E1-E722C67A041A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "250A493C-E052-4978-ABBE-786DC8038448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2E2B771B-230A-4811-94D7-065C2722E428",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F17531CB-DE8A-4ACD-93A0-6A5A8481D51B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:-:*:*:*:*:*:*:*",
"matchCriteriaId": "507E7AEE-C2FC-4EED-B0F7-5E41642C0BF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66C673C4-A825-46C0-816B-103E1C058D03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B",
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*",
"matchCriteriaId": "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4",
"versionEndExcluding": "11.2.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1489DDA7-EDBE-404C-B48D-F0B52B741708",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "535BC19C-21A1-48E3-8CC0-B276BA5D494E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
"versionEndIncluding": "8.0.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "51E83F05-B691-4450-BCA9-32209AEC4F6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "288235F9-2F9E-469A-BE14-9089D0782875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6672F9C1-DA04-47F1-B699-C171511ACE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11E57939-A543-44F7-942A-88690E39EABA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "30501D23-5044-477A-8DC3-7610126AEFD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:stream_analytics:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0B45A731-11D1-433B-B202-9C8D67C609F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:timesten_grid:-:*:*:*:*:*:*:*",
"matchCriteriaId": "900D9DBF-8071-4CE5-A67A-9E0C00D04B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB7D0A30-3986-49AB-B7F3-DAE0024504BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B4C338-11E1-4235-9D5A-960B2711AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C93F84E-9680-44EF-8656-D27440B51698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."
},
{
"lang": "es",
"value": "JMSAppender en Log4j versi\u00f3n 1.2 es vulnerable a una deserializaci\u00f3n de datos no confiables cuando el atacante presenta acceso de escritura a la configuraci\u00f3n de Log4j. El atacante puede proporcionar configuraciones TopicBindingName y TopicConnectionFactoryBindingName haciendo que JMSAppender realice peticiones JNDI que resulten en la ejecuci\u00f3n de c\u00f3digo remota de forma similar a CVE-2021-44228. Tenga en cuenta que este problema s\u00f3lo afecta a Log4j versi\u00f3n 1.2 cuando es configurado espec\u00edficamente para usar JMSAppender, que no es el predeterminado. Apache Log4j versi\u00f3n 1.2 lleg\u00f3 al final de su vida \u00fatil en agosto de 2015. Los usuarios deber\u00edan actualizar a Log4j 2 ya que aborda otros numerosos problemas de las versiones anteriores"
}
],
"id": "CVE-2021-4104",
"lastModified": "2024-11-21T06:36:54.560",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-14T12:15:12.200",
"references": [
{
"source": "security@apache.org",
"url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"
},
{
"source": "security@apache.org",
"url": "https://access.redhat.com/security/cve/CVE-2021-4104"
},
{
"source": "security@apache.org",
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
},
{
"source": "security@apache.org",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033"
},
{
"source": "security@apache.org",
"url": "https://security.gentoo.org/glsa/202209-02"
},
{
"source": "security@apache.org",
"url": "https://security.gentoo.org/glsa/202310-16"
},
{
"source": "security@apache.org",
"url": "https://security.gentoo.org/glsa/202312-02"
},
{
"source": "security@apache.org",
"url": "https://security.gentoo.org/glsa/202312-04"
},
{
"source": "security@apache.org",
"url": "https://security.netapp.com/advisory/ntap-20211223-0007/"
},
{
"source": "security@apache.org",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"source": "security@apache.org",
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"source": "security@apache.org",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@apache.org",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@apache.org",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/security/cve/CVE-2021-4104"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202209-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202310-16"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202312-02"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/202312-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20211223-0007/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"sourceIdentifier": "security@apache.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "security@apache.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-502"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-04-24 14:59
Modified
2024-11-21 02:22
Severity ?
Summary
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | jboss_operations_network | 3.3.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "89C680ED-9ACF-4B3E-BE2C-5C47DE6DC30D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager."
},
{
"lang": "es",
"value": "Red Hat JBoss Operations Network 3.3.1 no restringe adecuadamente el acceso a ciertas APIs, lo que permite a atacantes remotos ejecutar m\u00e9todos Java arbitrarios a trav\u00e9s de (1) ServerInvokerServlet o (2) SchedulerService o (3) causar una denegaci\u00f3n de servicio (consumo de disco) a trav\u00e9s de ContentManager."
}
],
"id": "CVE-2015-0297",
"lastModified": "2024-11-21T02:22:45.853",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-04-24T14:59:06.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0862.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id/1032181"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0862.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1032181"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-3834
Vulnerability from cvelistv5
Published
2019-10-03 13:31
Modified
2024-08-04 19:19
Severity ?
EPSS score ?
Summary
It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:19:18.590Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "struts",
"vendor": "RedHat",
"versions": [
{
"status": "affected",
"version": "all versions under 1.3.10_1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-470",
"description": "CWE-470",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-03T13:31:06",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2019-3834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "struts",
"version": {
"version_data": [
{
"version_value": "all versions under 1.3.10_1"
}
]
}
}
]
},
"vendor_name": "RedHat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.6/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-470"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3834"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2019-3834",
"datePublished": "2019-10-03T13:31:06",
"dateReserved": "2019-01-03T00:00:00",
"dateUpdated": "2024-08-04T19:19:18.590Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4452
Vulnerability from cvelistv5
Published
2013-12-24 19:00
Modified
2024-08-06 16:45
Severity ?
EPSS score ?
Summary
Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1029390 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/63916 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/55852 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2013-1762.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:45:14.881Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1029390",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029390"
},
{
"name": "63916",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63916"
},
{
"name": "55852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/55852"
},
{
"name": "RHSA-2013:1762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1762.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other unspecified sensitive information by reading these files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-24T19:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1029390",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029390"
},
{
"name": "63916",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/63916"
},
{
"name": "55852",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/55852"
},
{
"name": "RHSA-2013:1762",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1762.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4452",
"datePublished": "2013-12-24T19:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:45:14.881Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0052
Vulnerability from cvelistv5
Published
2014-02-14 15:00
Modified
2024-08-06 18:09
Severity ?
EPSS score ?
Summary
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=781964 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2012-0089.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2012-0406.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:17.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=781964"
},
{
"name": "RHSA-2012:0089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"name": "RHSA-2012:0406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-14T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=781964"
},
{
"name": "RHSA-2012:0089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"name": "RHSA-2012:0406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0052",
"datePublished": "2014-02-14T15:00:00",
"dateReserved": "2011-12-07T00:00:00",
"dateUpdated": "2024-08-06T18:09:17.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-3267
Vulnerability from cvelistv5
Published
2015-08-11 14:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securitytracker.com/id/1033136 | vdb-entry, x_refsource_SECTRACK | |
| http://rhn.redhat.com/errata/RHSA-2015-1525.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/76335 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1033136",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1033136"
},
{
"name": "RHSA-2015:1525",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1525.html"
},
{
"name": "76335",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/76335"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-01T15:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "1033136",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1033136"
},
{
"name": "RHSA-2015:1525",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-1525.html"
},
{
"name": "76335",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/76335"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3267",
"datePublished": "2015-08-11T14:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-6330
Vulnerability from cvelistv5
Published
2016-09-27 15:00
Modified
2024-08-06 01:29
Severity ?
EPSS score ?
Summary
The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2016-22 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1368864 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/92568 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:29:18.446Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2016-22"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368864"
},
{
"name": "92568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92568"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-22T21:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2016-22"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1368864"
},
{
"name": "92568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92568"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-6330",
"datePublished": "2016-09-27T15:00:00",
"dateReserved": "2016-07-26T00:00:00",
"dateUpdated": "2024-08-06T01:29:18.446Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4293
Vulnerability from cvelistv5
Published
2013-10-24 01:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1002853 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1448.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.909Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002853"
},
{
"name": "RHSA-2013:1448",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-24T01:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1002853"
},
{
"name": "RHSA-2013:1448",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4293",
"datePublished": "2013-10-24T01:00:00Z",
"dateReserved": "2013-06-12T00:00:00Z",
"dateUpdated": "2024-08-06T16:38:01.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4373
Vulnerability from cvelistv5
Published
2013-10-24 01:00
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/88179 | vdb-entry, x_refsource_XF | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1011824 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1448.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:02.213Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "jon-cve20134373-insecure-permissions(88179)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88179"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011824"
},
{
"name": "RHSA-2013:1448",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-10-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary directory that is used to unpack zip files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "jon-cve20134373-insecure-permissions(88179)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/88179"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1011824"
},
{
"name": "RHSA-2013:1448",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1448.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4373",
"datePublished": "2013-10-24T01:00:00",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:02.213Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-4374
Vulnerability from cvelistv5
Published
2019-11-04 21:16
Modified
2024-08-06 16:38
Severity ?
EPSS score ?
Summary
An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4374 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2013-4374 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | RHQ Mongo DB Drift Server | RHQ Mongo DB Drift Server |
Version: through 2013-09-25 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:38:01.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4374"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4374"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "RHQ Mongo DB Drift Server",
"vendor": "RHQ Mongo DB Drift Server",
"versions": [
{
"status": "affected",
"version": "through 2013-09-25"
}
]
}
],
"datePublic": "2013-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Malicious change set import due to insecure temporary file usage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T21:16:52",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4374"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2013-4374"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-4374",
"datePublished": "2019-11-04T21:16:52",
"dateReserved": "2013-06-12T00:00:00",
"dateUpdated": "2024-08-06T16:38:01.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-14340
Vulnerability from cvelistv5
Published
2021-06-02 12:04
Modified
2024-08-04 12:39
Severity ?
EPSS score ?
Summary
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1860218 | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC | |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:39:36.533Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "XNIO",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "xnio 3.7.9.Final, xnio 3.8.2.Final, xnio 3.9.0.Final"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:21:36",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-14340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "XNIO",
"version": {
"version_data": [
{
"version_value": "xnio 3.7.9.Final, xnio 3.8.2.Final, xnio 3.9.0.Final"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-14340",
"datePublished": "2021-06-02T12:04:28",
"dateReserved": "2020-06-17T00:00:00",
"dateUpdated": "2024-08-04T12:39:36.533Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-0297
Vulnerability from cvelistv5
Published
2015-04-24 14:00
Modified
2024-08-06 04:03
Severity ?
EPSS score ?
Summary
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2015-0862.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id/1032181 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T04:03:10.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2015:0862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0862.html"
},
{
"name": "1032181",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1032181"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-29T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2015:0862",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0862.html"
},
{
"name": "1032181",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1032181"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-0297",
"datePublished": "2015-04-24T14:00:00",
"dateReserved": "2014-11-18T00:00:00",
"dateUpdated": "2024-08-06T04:03:10.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0032
Vulnerability from cvelistv5
Published
2014-04-01 01:00
Modified
2024-08-06 18:09
Severity ?
EPSS score ?
Summary
Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-0406.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=772514 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:17.253Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:0406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772514"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files within the root directory, as demonstrated by obtaining JON credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-01T00:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:0406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=772514"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0032",
"datePublished": "2014-04-01T01:00:00",
"dateReserved": "2011-12-07T00:00:00",
"dateUpdated": "2024-08-06T18:09:17.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2010-0737
Vulnerability from cvelistv5
Published
2019-10-30 22:11
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:39.003Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "2.3.1"
}
]
}
],
"datePublic": "2011-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T22:11:50",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0737"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0737",
"datePublished": "2019-10-30T22:11:50",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:39.003Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-5422
Vulnerability from cvelistv5
Published
2016-09-07 19:00
Modified
2024-08-06 01:00
Severity ?
EPSS score ?
Summary
The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2016-1785.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securityfocus.com/bid/92722 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:00:59.984Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:1785",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1785.html"
},
{
"name": "92722",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/92722"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-09-07T18:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:1785",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1785.html"
},
{
"name": "92722",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/92722"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-5422",
"datePublished": "2016-09-07T19:00:00",
"dateReserved": "2016-06-10T00:00:00",
"dateUpdated": "2024-08-06T01:00:59.984Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2015-7501
Vulnerability from cvelistv5
Published
2017-11-09 00:00
Modified
2024-08-06 07:51
Severity ?
EPSS score ?
Summary
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:51:28.224Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:0040",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
},
{
"name": "RHSA-2015:2670",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
},
{
"name": "RHSA-2015:2501",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
},
{
"name": "RHSA-2015:2517",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
},
{
"name": "78215",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78215"
},
{
"name": "1034097",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034097"
},
{
"name": "RHSA-2015:2671",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
},
{
"name": "1037052",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037052"
},
{
"name": "1037640",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2015:2522",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
},
{
"name": "RHSA-2015:2521",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
},
{
"name": "RHSA-2015:2516",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
},
{
"name": "RHSA-2015:2500",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
},
{
"name": "RHSA-2015:2514",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
},
{
"name": "RHSA-2015:2502",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
},
{
"name": "RHSA-2015:2536",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
},
{
"name": "RHSA-2016:1773",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
},
{
"name": "RHSA-2015:2524",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
},
{
"name": "1037053",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037053"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/solutions/2045023"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/vulnerabilities/2059393"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-16T13:06:08.221728",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:0040",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
},
{
"name": "RHSA-2015:2670",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
},
{
"name": "RHSA-2015:2501",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
},
{
"name": "RHSA-2015:2517",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
},
{
"name": "78215",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/78215"
},
{
"name": "1034097",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1034097"
},
{
"name": "RHSA-2015:2671",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
},
{
"name": "1037052",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037052"
},
{
"name": "1037640",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037640"
},
{
"name": "RHSA-2015:2522",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
},
{
"name": "RHSA-2015:2521",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
},
{
"name": "RHSA-2015:2516",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
},
{
"name": "RHSA-2015:2500",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
},
{
"name": "RHSA-2015:2514",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
},
{
"name": "RHSA-2015:2502",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
},
{
"name": "RHSA-2015:2536",
"tags": [
"vendor-advisory"
],
"url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
},
{
"name": "RHSA-2016:1773",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
},
{
"name": "RHSA-2015:2524",
"tags": [
"vendor-advisory"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
},
{
"name": "1037053",
"tags": [
"vdb-entry"
],
"url": "http://www.securitytracker.com/id/1037053"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
},
{
"url": "https://access.redhat.com/solutions/2045023"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"url": "https://access.redhat.com/security/vulnerabilities/2059393"
},
{
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-7501",
"datePublished": "2017-11-09T00:00:00",
"dateReserved": "2015-09-29T00:00:00",
"dateUpdated": "2024-08-06T07:51:28.224Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2013-2165
Vulnerability from cvelistv5
Published
2013-07-22 19:00
Modified
2024-08-06 15:27
Severity ?
EPSS score ?
Summary
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://jvn.jp/en/jp/JVN38787103/index.html | third-party-advisory, x_refsource_JVN | |
| https://access.redhat.com/security/cve/CVE-2013-2165 | x_refsource_CONFIRM | |
| https://bugzilla.redhat.com/show_bug.cgi?id=973570 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2013-1045.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1041.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1043.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2013-1044.html | vendor-advisory, x_refsource_REDHAT | |
| http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072 | third-party-advisory, x_refsource_JVNDB | |
| http://rhn.redhat.com/errata/RHSA-2013-1042.html | vendor-advisory, x_refsource_REDHAT | |
| http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html | x_refsource_MISC | |
| http://seclists.org/fulldisclosure/2020/Mar/21 | mailing-list, x_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:27:41.075Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#38787103",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN38787103/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2013-2165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=973570"
},
{
"name": "RHSA-2013:1045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1045.html"
},
{
"name": "RHSA-2013:1041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1041.html"
},
{
"name": "RHSA-2013:1043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1043.html"
},
{
"name": "RHSA-2013:1044",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1044.html"
},
{
"name": "JVNDB-2013-000072",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072"
},
{
"name": "RHSA-2013:1042",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1042.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
},
{
"name": "20200313 RichFaces exploitation toolkit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-07-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0, Red Hat JBoss BRMS through 5.3.1, Red Hat JBoss SOA Platform through 4.3.0 CP05 and 5.x through 5.3.1, Red Hat JBoss Portal through 4.3 CP07 and 5.x through 5.2.2, and Red Hat JBoss Operations Network through 2.4.2 and 3.x through 3.1.2 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to execute arbitrary code via crafted serialized data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-14T00:06:03",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "JVN#38787103",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN38787103/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/cve/CVE-2013-2165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=973570"
},
{
"name": "RHSA-2013:1045",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1045.html"
},
{
"name": "RHSA-2013:1041",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1041.html"
},
{
"name": "RHSA-2013:1043",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1043.html"
},
{
"name": "RHSA-2013:1044",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1044.html"
},
{
"name": "JVNDB-2013-000072",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2013-000072"
},
{
"name": "RHSA-2013:1042",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1042.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156663/Richsploit-RichFaces-Exploitation-Toolkit.html"
},
{
"name": "20200313 RichFaces exploitation toolkit",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Mar/21"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-2165",
"datePublished": "2013-07-22T19:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:27:41.075Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-5626
Vulnerability from cvelistv5
Published
2020-01-23 18:10
Modified
2024-08-06 21:14
Severity ?
EPSS score ?
Summary
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626 | x_refsource_CONFIRM | |
| https://access.redhat.com/security/cve/cve-2012-5626 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | JBoss BRMS |
Version: 5 |
||||||||||||||||||||
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:14:16.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2012-5626"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JBoss BRMS",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "5"
}
]
},
{
"product": "JBoss Enterprise Application Platform",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "5"
}
]
},
{
"product": "JBoss Operations Network",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "3.1"
}
]
},
{
"product": "JBoss Portal",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "4"
},
{
"status": "affected",
"version": "5"
}
]
},
{
"product": "JBoss SOA Platform",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "4.2"
},
{
"status": "affected",
"version": "4.3"
},
{
"status": "affected",
"version": "5"
}
]
},
{
"product": "JBoss Enterprise Web Server",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "1"
}
]
}
],
"datePublic": "2016-02-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Other",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-23T18:10:30",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-5626"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://access.redhat.com/security/cve/cve-2012-5626"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-5626",
"datePublished": "2020-01-23T18:10:30",
"dateReserved": "2012-10-24T00:00:00",
"dateUpdated": "2024-08-06T21:14:16.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2016-3737
Vulnerability from cvelistv5
Published
2016-08-02 14:00
Modified
2024-08-06 00:03
Severity ?
EPSS score ?
Summary
The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.tenable.com/security/research/tra-2016-22 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1333618 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2016-1519.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id/1036507 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:03:34.495Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/security/research/tra-2016-22"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333618"
},
{
"name": "RHSA-2016:1519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"
},
{
"name": "1036507",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1036507"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-02T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/security/research/tra-2016-22"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1333618"
},
{
"name": "RHSA-2016:1519",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"
},
{
"name": "1036507",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1036507"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-3737",
"datePublished": "2016-08-02T14:00:00",
"dateReserved": "2016-03-30T00:00:00",
"dateUpdated": "2024-08-06T00:03:34.495Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-4104
Vulnerability from cvelistv5
Published
2021-12-14 00:00
Modified
2024-08-03 17:16
Severity ?
EPSS score ?
Summary
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Apache Software Foundation | Apache Log4j 1.x |
Version: Apache Log4j 1.2 1.2.x |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T17:16:04.172Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4104"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"name": "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211223-0007/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202209-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202209-02"
},
{
"name": "GLSA-202310-16",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202310-16"
},
{
"name": "GLSA-202312-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-02"
},
{
"name": "GLSA-202312-04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202312-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Apache Log4j 1.x",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Log4j 1.2 1.2.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T09:06:15.357899",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
},
{
"url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-4104"
},
{
"name": "VU#930724",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/930724"
},
{
"name": "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033"
},
{
"url": "https://security.netapp.com/advisory/ntap-20211223-0007/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "GLSA-202209-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202209-02"
},
{
"name": "GLSA-202310-16",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202310-16"
},
{
"name": "GLSA-202312-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-02"
},
{
"name": "GLSA-202312-04",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202312-04"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2021-4104",
"datePublished": "2021-12-14T00:00:00",
"dateReserved": "2021-12-13T00:00:00",
"dateUpdated": "2024-08-03T17:16:04.172Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2014-7853
Vulnerability from cvelistv5
Published
2015-02-13 15:00
Modified
2024-08-06 13:03
Severity ?
EPSS score ?
Summary
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100891 | vdb-entry, x_refsource_XF | |
| http://rhn.redhat.com/errata/RHSA-2015-0920.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2015-0215.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2015-0217.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2015-0218.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2015-0216.html | vendor-advisory, x_refsource_REDHAT | |
| http://www.securitytracker.com/id/1031741 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:03:27.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "redhat-jboss-cve20147853-info-disc(100891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100891"
},
{
"name": "RHSA-2015:0920",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0920.html"
},
{
"name": "RHSA-2015:0215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0215.html"
},
{
"name": "RHSA-2015:0217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0217.html"
},
{
"name": "RHSA-2015:0218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0218.html"
},
{
"name": "RHSA-2015:0216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0216.html"
},
{
"name": "1031741",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1031741"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "redhat-jboss-cve20147853-info-disc(100891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100891"
},
{
"name": "RHSA-2015:0920",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0920.html"
},
{
"name": "RHSA-2015:0215",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0215.html"
},
{
"name": "RHSA-2015:0217",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0217.html"
},
{
"name": "RHSA-2015:0218",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0218.html"
},
{
"name": "RHSA-2015:0216",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2015-0216.html"
},
{
"name": "1031741",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1031741"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-7853",
"datePublished": "2015-02-13T15:00:00",
"dateReserved": "2014-10-03T00:00:00",
"dateUpdated": "2024-08-06T13:03:27.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-0062
Vulnerability from cvelistv5
Published
2014-02-14 15:00
Modified
2024-08-06 18:16
Severity ?
EPSS score ?
Summary
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.
References
| ▼ | URL | Tags |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-0089.html | vendor-advisory, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=783008 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2012-0406.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:16:18.442Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2012:0089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783008"
},
{
"name": "RHSA-2012:0406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-02-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-14T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2012:0089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=783008"
},
{
"name": "RHSA-2012:0406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0062",
"datePublished": "2014-02-14T15:00:00",
"dateReserved": "2011-12-07T00:00:00",
"dateUpdated": "2024-08-06T18:16:18.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-4573
Vulnerability from cvelistv5
Published
2014-04-01 01:00
Modified
2024-08-07 00:09
Severity ?
EPSS score ?
Summary
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=760024 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2012-0089.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760024"
},
{
"name": "RHSA-2012:0089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce \"modify resource\" permissions for remote authenticated users when deleting a plug-in configuration update from the group connection properties history, which prevents such activities from being recorded in the audit trail."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-01T00:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=760024"
},
{
"name": "RHSA-2012:0089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-4573",
"datePublished": "2014-04-01T01:00:00",
"dateReserved": "2011-11-29T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5083
Vulnerability from cvelistv5
Published
2019-11-07 23:18
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5083 | x_refsource_MISC | |
| https://access.redhat.com/security/cve/cve-2008-5083 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:17.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5083"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2008-5083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "JON",
"vendor": "JON",
"versions": [
{
"status": "affected",
"version": "2.1.x before 2.1.2 SP1"
}
]
}
],
"datePublic": "2018-12-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": " unauthorized access private property",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-07T23:18:28",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-5083"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2008-5083"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-5083",
"datePublished": "2019-11-07T23:18:28",
"dateReserved": "2008-11-14T00:00:00",
"dateUpdated": "2024-08-07T10:40:17.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-1100
Vulnerability from cvelistv5
Published
2014-02-14 15:00
Modified
2024-08-06 18:45
Severity ?
EPSS score ?
Summary
Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=799789 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2012-0396.html | vendor-advisory, x_refsource_REDHAT | |
| http://rhn.redhat.com/errata/RHSA-2012-0406.html | vendor-advisory, x_refsource_REDHAT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:45:27.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799789"
},
{
"name": "RHSA-2012:0396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0396.html"
},
{
"name": "RHSA-2012:0406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-03-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login to LDAP-based accounts via an arbitrary password in a login request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-14T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=799789"
},
{
"name": "RHSA-2012:0396",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0396.html"
},
{
"name": "RHSA-2012:0406",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0406.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-1100",
"datePublished": "2014-02-14T15:00:00",
"dateReserved": "2012-02-14T00:00:00",
"dateUpdated": "2024-08-06T18:45:27.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2011-3206
Vulnerability from cvelistv5
Published
2012-01-08 00:00
Modified
2024-08-06 23:29
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/47197 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/47280 | third-party-advisory, x_refsource_SECUNIA | |
| http://rhn.redhat.com/errata/RHSA-2012-0089.html | vendor-advisory, x_refsource_REDHAT | |
| http://securitytracker.com/id?1026435 | vdb-entry, x_refsource_SECTRACK | |
| https://bugzilla.redhat.com/show_bug.cgi?id=734662 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:29:55.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47197"
},
{
"name": "47280",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/47280"
},
{
"name": "RHSA-2012:0089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"name": "1026435",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1026435"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-12-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka JON or JBoss ON) before 3.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-02-14T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "47197",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47197"
},
{
"name": "47280",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/47280"
},
{
"name": "RHSA-2012:0089",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0089.html"
},
{
"name": "1026435",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1026435"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=734662"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3206",
"datePublished": "2012-01-08T00:00:00",
"dateReserved": "2011-08-19T00:00:00",
"dateUpdated": "2024-08-06T23:29:55.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}