Skip to main content

Jboss A Mq

12 CVEs product

Monthly

CVE-2023-4066 MEDIUM This Month

A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss A Mq Jboss Middleware Openshift Container Platform
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-4065 MEDIUM This Month

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss A Mq Jboss Middleware Openshift Container Platform
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-1664 Maven MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Build Of Quarkus Jboss A Mq Keycloak Migration Toolkit For Runtimes +1
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2022-1278 Maven HIGH PATCH This Week

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wildfly Amq Amq Online Integration Camel K +4
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2021-4104 Maven HIGH Act Now

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 72.2% and no vendor patch available.

RCE Deserialization Apache Log4J Fedora +44
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
72.2%
CVE-2021-3425 MEDIUM This Month

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss A Mq
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2021-3536 Maven MEDIUM PATCH This Month

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Build Of Quarkus Data Grid Descision Manager Integration Camel K +5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2015-7501 Maven CRITICAL EUVD KEV PATCH Act Now

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.5%.

Apache Deserialization Java Red Hat Data Grid +14
NVD
CVSS 3.0
9.8
EPSS
71.5%
Threat
4.1
CVE-2015-5183 HIGH This Week

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Amq Jboss A Mq Jboss Enterprise Web Server
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2015-5181 MEDIUM This Month

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jboss A Mq
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2014-0085 Maven LOW PATCH Monitor

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Apache Information Disclosure Authentication Bypass Jboss A Mq Jboss Fuse
NVD VulDB
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-4372 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Red Hat XSS Jboss A Mq Jboss Fuse
NVD GitHub
CVSS 2.0
4.3
EPSS
0.4%
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss A Mq +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss A Mq +2
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

A flaw was found in Keycloak. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Build Of Quarkus Jboss A Mq +3
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Wildfly Amq +6
NVD
EPSS 72% CVSS 7.5
HIGH Act Now

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 72.2% and no vendor patch available.

RCE Deserialization Apache +46
NVD GitHub VulDB
EPSS 0% CVSS 4.4
MEDIUM This Month

A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application logfile when using the jdbc persistence functionality. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss A Mq
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Build Of Quarkus Data Grid +7
NVD
EPSS 71% 4.1 CVSS 9.8
CRITICAL EUVD KEV PATCH Act Now

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.5%.

Apache Deserialization Java +16
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Amq +2
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Jboss A Mq
NVD
EPSS 0% CVSS 2.1
LOW PATCH Monitor

JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Apache Information Disclosure Authentication Bypass +2
NVD VulDB
EPSS 0% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Red Hat XSS Jboss A Mq +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy