Filtered by vendor Redhat
Subscribe
Filtered by product Jboss Enterprise Application Platform
Subscribe
Total
227 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7066 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations. | |||||
| CVE-2016-7061 | 1 Redhat | 2 Enterprise Linux, Jboss Enterprise Application Platform | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information. | |||||
| CVE-2014-0169 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application. | |||||
| CVE-2013-6495 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| JBossWeb Bayeux has reflected XSS | |||||
| CVE-2012-5626 | 1 Redhat | 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | |||||
| CVE-2012-2312 | 1 Redhat | 2 Jboss Application Server, Jboss Enterprise Application Platform | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges. | |||||
| CVE-2011-2487 | 2 Apache, Redhat | 10 Cxf, Wss4j, Jboss Business Rules Management System and 7 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. | |||||