Skip to main content

Jboss Enterprise Web Platform

12 CVEs product

Monthly

CVE-2014-0248 MEDIUM This Month

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Red Hat Jboss Enterprise Application Platform Jboss Enterprise Web Platform +1
NVD
CVSS 2.0
6.8
EPSS
2.3%
CVE-2014-0224 HIGH POC PATCH THREAT Act Now

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 89.7%.

Information Disclosure OpenSSL Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Web Server +12
NVD
CVSS 3.1
7.4
EPSS
89.7%
Threat
5.7
CVE-2013-4210 MEDIUM This Month

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Soa Platform +1
NVD
CVSS 2.0
5.0
EPSS
1.3%
CVE-2012-5575 Maven MEDIUM PATCH This Month

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Cxf Jboss Enterprise Application Platform Jboss Enterprise Portal Platform +3
NVD
CVSS 2.0
6.4
EPSS
9.5%
CVE-2013-2165 Maven HIGH PATCH Act Now

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 24.1%.

Red Hat Privilege Escalation Java Deserialization RCE +8
NVD
CVSS 2.0
7.5
EPSS
24.1%
CVE-2012-5629 HIGH This Week

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform
NVD
CVSS 2.0
7.5
EPSS
0.8%
CVE-2013-0218 LOW Monitor

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jboss Enterprise Application Platform Jboss Enterprise Web Platform
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2012-5478 MEDIUM This Month

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
4.9
EPSS
0.5%
CVE-2012-3370 MEDIUM This Month

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
5.8
EPSS
1.7%
CVE-2012-3369 MEDIUM This Month

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Web Platform Jboss Enterprise Application Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
4.0
EPSS
1.3%
CVE-2012-0034 LOW Monitor

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Jboss Enterprise Web Platform Jboss Enterprise Brms Platform
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2012-1167 MEDIUM This Month

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Brms Platform Jboss Enterprise Soa Platform Jboss Enterprise Web Platform
NVD
CVSS 2.0
4.6
EPSS
0.8%
EPSS 2% CVSS 6.8
MEDIUM This Month

org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Code Injection Red Hat +3
NVD
EPSS 90% 5.7 CVSS 7.4
HIGH POC PATCH THREAT Act Now

OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 89.7%.

Information Disclosure OpenSSL Jboss Enterprise Application Platform +14
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Jboss Enterprise Application Platform +3
NVD
EPSS 10% CVSS 6.4
MEDIUM PATCH This Month

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Apache Information Disclosure Cxf +5
NVD
EPSS 24% CVSS 7.5
HIGH PATCH Act Now

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 24.1%.

Red Hat Privilege Escalation Java +10
NVD
EPSS 1% CVSS 7.5
HIGH This Week

The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The GUI installer in JBoss Enterprise Application Platform (EAP) and Enterprise Web Platform (EWP) 5.2.0 and possibly 5.1.2 uses world-readable permissions for the auto-install XML file, which allows. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jboss Enterprise Application Platform Jboss Enterprise Web Platform
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform +1
NVD
EPSS 2% CVSS 5.8
MEDIUM This Month

The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Web Platform +1
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Web Platform Jboss Enterprise Application Platform +1
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Jboss Enterprise Application Platform Jboss Enterprise Web Platform +1
NVD
EPSS 1% CVSS 4.6
MEDIUM This Month

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Jboss Enterprise Application Platform Jboss Enterprise Brms Platform +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy