Skip to main content

Jboss Operations Network

17 CVEs product

Monthly

CVE-2021-4104 Maven HIGH Act Now

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 72.2% and no vendor patch available.

RCE Deserialization Apache Log4J Fedora +44
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
72.2%
CVE-2019-3834 HIGH This Week

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Jboss Operations Network
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2015-7501 Maven CRITICAL EUVD KEV PATCH Act Now

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.5%.

Apache Deserialization Java Red Hat Data Grid +14
NVD
CVSS 3.0
9.8
EPSS
71.5%
Threat
4.1
CVE-2016-6330 CRITICAL Act Now

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.0% and no vendor patch available.

Deserialization Red Hat RCE Jboss Operations Network
NVD
CVSS 3.0
9.8
EPSS
13.0%
CVE-2016-5422 HIGH PATCH This Week

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Red Hat Privilege Escalation Jboss Operations Network
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2016-3737 CRITICAL Act Now

The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Red Hat RCE Jboss Operations Network
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2015-3267 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Jboss Operations Network
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2015-0297 CRITICAL Act Now

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Java Authentication Bypass Jboss Operations Network
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2014-7853 MEDIUM This Month

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Operations Network Jboss Enterprise Application Platform
NVD
CVSS 2.0
4.0
EPSS
0.4%
CVE-2012-0032 LOW Monitor

Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Privilege Escalation Jboss Operations Network
NVD VulDB
CVSS 2.0
3.7
EPSS
0.0%
CVE-2012-1100 MEDIUM This Month

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Jboss Operations Network
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2012-0062 MEDIUM This Month

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Jboss Operations Network
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2012-0052 MEDIUM This Month

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Jboss Operations Network
NVD
CVSS 2.0
5.8
EPSS
0.3%
CVE-2013-4452 LOW Monitor

Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Jboss Operations Network
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2013-4373 LOW Monitor

The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Operations Network
NVD
CVSS 2.0
3.2
EPSS
0.1%
CVE-2013-4293 LOW Monitor

The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Operations Network
NVD
CVSS 2.0
2.1
EPSS
0.0%
CVE-2013-2165 Maven HIGH PATCH Act Now

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 24.1%.

Red Hat Privilege Escalation Java Deserialization RCE +8
NVD
CVSS 2.0
7.5
EPSS
24.1%
EPSS 72% CVSS 7.5
HIGH Act Now

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 72.2% and no vendor patch available.

RCE Deserialization Apache +46
NVD GitHub VulDB
EPSS 1% CVSS 7.3
HIGH This Week

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Red Hat Jboss Operations Network
NVD
EPSS 71% 4.1 CVSS 9.8
CRITICAL EUVD KEV PATCH Act Now

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 71.5%.

Apache Deserialization Java +16
NVD
EPSS 13% CVSS 9.8
CRITICAL Act Now

The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.0% and no vendor patch available.

Deserialization Red Hat RCE +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Red Hat Privilege Escalation Jboss Operations Network
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Red Hat RCE +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS Red Hat Jboss Operations Network
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Denial Of Service Java +2
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Operations Network +1
NVD
EPSS 0% CVSS 3.7
LOW Monitor

Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files. Rated low severity (CVSS 3.7). No vendor patch available.

Red Hat Privilege Escalation Jboss Operations Network
NVD VulDB
EPSS 0% CVSS 5.8
MEDIUM This Month

Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind account credentials are invalid, allows remote attackers to login. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Jboss Operations Network
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Authentication Bypass Jboss Operations Network
NVD
EPSS 0% CVSS 5.8
MEDIUM This Month

Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable. No vendor patch available.

Red Hat Information Disclosure Jboss Operations Network
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows local users to obtain authentication credentials and other. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Privilege Escalation Jboss Operations Network
NVD
EPSS 0% CVSS 3.2
LOW Monitor

The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift files into a server by writing the files to the temporary. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Operations Network
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive information by reading the log files. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Red Hat Information Disclosure Jboss Operations Network
NVD
EPSS 24% CVSS 7.5
HIGH PATCH Act Now

ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 24.1%.

Red Hat Privilege Escalation Java +10
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy