Skip to main content

Karaf

9 CVEs product

Monthly

CVE-2022-40145 Maven CRITICAL PATCH Act Now

This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Karaf
NVD
CVSS 3.1
9.8
EPSS
2.4%
CVE-2020-28052 Maven HIGH POC PATCH This Week

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java Information Disclosure Bc Java Karaf Banking Corporate Lending Process Management +17
NVD GitHub
CVSS 3.1
8.1
EPSS
7.1%
CVE-2020-11980 Maven MEDIUM PATCH This Month

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Privilege Escalation SSRF Karaf
NVD
CVSS 3.1
6.3
EPSS
1.9%
CVE-2019-0226 Maven MEDIUM PATCH This Month

Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Karaf
NVD
CVSS 3.0
4.9
EPSS
1.8%
CVE-2019-0191 Maven MEDIUM PATCH This Month

Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Karaf
NVD
CVSS 3.0
6.5
EPSS
4.9%
CVE-2018-11787 Maven HIGH PATCH This Week

In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apache Karaf
NVD
CVSS 3.0
8.1
EPSS
2.6%
CVE-2018-11786 Maven HIGH PATCH This Week

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Apache Karaf
NVD
CVSS 3.0
8.8
EPSS
1.9%
CVE-2017-1000406 Maven HIGH This Week

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Karaf
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2014-0219 Maven MEDIUM PATCH This Month

Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Apache Karaf
NVD
CVSS 3.0
5.5
EPSS
0.1%
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Apache Karaf
NVD
EPSS 7% CVSS 8.1
HIGH POC PATCH This Week

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Java Information Disclosure Bc Java +19
NVD GitHub
EPSS 2% CVSS 6.3
MEDIUM PATCH This Month

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Privilege Escalation SSRF +1
NVD
EPSS 2% CVSS 4.9
MEDIUM PATCH This Month

Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Karaf
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Apache Karaf
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Apache Karaf
NVD
EPSS 2% CVSS 8.8
HIGH PATCH This Week

In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Apache Karaf
NVD
EPSS 0% CVSS 7.5
HIGH This Week

OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the Karaf cache is manually cleared (e.g. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Karaf
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Apache Karaf
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy