Skip to main content
CVE-2012-0874 MEDIUM POC THREAT This Month

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require...

RCE Authentication Bypass
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
51.3%
Threat
6.4
CVE-2012-3370 MEDIUM This Month

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
5.8
EPSS
1.7%
CVE-2012-5478 MEDIUM This Month

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2013-0176 MEDIUM PATCH This Month

The publickey_from_privatekey function in libssh before 0.5.4, when no algorithm is matched during negotiations, allows remote attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable.

Denial Of Service Microsoft Libssh
NVD
CVSS 2.0
4.3
EPSS
1.0%
CVE-2012-3369 MEDIUM This Month

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Web Platform Jboss Enterprise Application Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
4.0
EPSS
1.3%
CVE-2012-0034 LOW Monitor

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-0218 LOW Monitor

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jboss Enterprise Application Platform Jboss Enterprise Web Platform
NVD
CVSS 2.0
2.1
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy