Skip to main content

Jboss Enterprise Brms Platform

16 CVEs product

Monthly

CVE-2015-7501 Maven CRITICAL EUVD KEV PATCH Act Now

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.5%.

Apache Deserialization Java Red Hat Data Grid +14
NVD
CVSS 3.0
9.8
EPSS
71.5%
Threat
4.1
CVE-2016-5401 HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Red Hat Jboss Bpm Suite Jboss Enterprise Brms Platform
NVD
CVSS 3.0
8.8
EPSS
0.1%
CVE-2016-4999 CRITICAL Act Now

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Dashbuilder Jboss Bpm Suite Jboss Enterprise Brms Platform
NVD GitHub
CVSS 3.1
9.8
EPSS
7.0%
CVE-2015-0250 Maven MEDIUM POC PATCH This Month

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service XXE Apache Ubuntu Linux Batik +1
NVD
CVSS 2.0
6.4
EPSS
1.5%
CVE-2014-0005 LOW Monitor

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
3.6
EPSS
0.2%
CVE-2014-3518 MEDIUM This Month

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Red Hat Jboss Enterprise Application Platform Jboss Enterprise Brms Platform +2
NVD
CVSS 2.0
6.8
EPSS
1.7%
CVE-2013-6468 MEDIUM This Month

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Code Injection Red Hat Jboss Bpm Suite +2
NVD VulDB
CVSS 2.0
6.5
EPSS
0.5%
CVE-2013-2186 Maven HIGH PATCH Act Now

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 87.1%.

Red Hat Apache Information Disclosure Jboss Enterprise Brms Platform Jboss Enterprise Portal Platform +3
NVD
CVSS 2.0
7.5
EPSS
87.1%
Threat
4.1
CVE-2013-4210 MEDIUM This Month

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Soa Platform +1
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2013-2165 Maven HIGH PATCH Act Now

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 24.1%.

Red Hat Privilege Escalation Java Deserialization RCE +8
NVD
CVSS 2.0
7.5
EPSS
24.1%
CVE-2012-5478 MEDIUM This Month

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2012-3370 MEDIUM This Month

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
5.8
EPSS
1.7%
CVE-2012-3369 MEDIUM This Month

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Web Platform Jboss Enterprise Application Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
4.0
EPSS
1.3%
CVE-2012-0034 LOW Monitor

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-2377 LOW Monitor

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Portal Platform Jboss Enterprise Soa Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
3.3
EPSS
1.0%
CVE-2012-1167 MEDIUM This Month

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Soa Platform Jboss Enterprise Web Platform
NVD
CVSS 2.0
4.6
EPSS
0.8%
EPSS 71% 4.1 CVSS 9.8
CRITICAL EUVD KEV PATCH Act Now

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.5%.

Apache Deserialization Java +16
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Red Hat Jboss Bpm Suite +1
NVD
EPSS 7% CVSS 9.8
CRITICAL Act Now

SQL injection vulnerability in the getStringParameterSQL method in main/java/org/dashbuilder/dataprovider/sql/dialect/DefaultDialect.java in Dashbuilder before 0.6.0.Beta1 allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Java Dashbuilder +2
NVD GitHub
EPSS 1% CVSS 6.4
MEDIUM POC PATCH This Month

XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service XXE Apache +3
NVD
EPSS 0% CVSS 3.6
LOW Monitor

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the. Rated low severity (CVSS 3.6), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Jboss Enterprise Application Platform +1
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Red Hat +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM Suite before 6.0.1 allows remote authenticated users to execute arbitrary Java code via a (1) MVFLEX Expression Language (MVEL) or. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Java RCE Code Injection +4
NVD VulDB
EPSS 87% 4.1 CVSS 7.5
HIGH PATCH Act Now

The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 87.1%.

Red Hat Apache Information Disclosure +5
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Jboss Enterprise Application Platform +3
NVD
EPSS 24% CVSS 7.5
HIGH PATCH Act Now

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 24.1%.

Red Hat Privilege Escalation Java +10
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform +1
NVD
EPSS 2% CVSS 5.8
MEDIUM This Month

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform +1
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Web Platform Jboss Enterprise Application Platform +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Jboss Enterprise Web Platform +1
NVD
EPSS 1% CVSS 3.3
LOW Monitor

JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Portal Platform Jboss Enterprise Soa Platform +1
NVD
EPSS 1% CVSS 4.6
MEDIUM This Month

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Brms Platform +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy