Vulnerabilities for Jboss brms (...) - CXSECURITY.COM

Vulnerabilities for 'Jboss brms'

2021-06-02

CVE-2020-14340

CWE-400

A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.

2020-01-23

CVE-2012-5626

NVD-CWE-noinfo

EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.

2019-03-21

CVE-2018-12023

CWE-502

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

CVE-2018-12022

CWE-502

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

2019-01-02

CVE-2018-19362

CWE-502

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

CVE-2018-19361

CWE-502

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

CVE-2018-19360

CWE-502

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

2018-09-10

CVE-2016-7041

CWE-22

Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host.

2018-01-10

CVE-2017-17485

CWE-502

FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath.

>>> Vendor: Redhat 373 Products

Certificate server

Directory server

Enterprise linux

Enterprise linux desktop

Linux powertools

Redhat package manager

Docbook stylesheets

Pre-execution environment

Linux advanced workstation

Analog real-time synthesizer

Kdelibs sound devel

Package manager

Jboss application server

Network satelite server

Network satellite server

Enterprise linux desktop workstation

Fedora directory server

Desktop workstation

Certificate system

Jboss enterprise application platform

dogtag certificate system

Cluster project

Dogtag certificate system

Enterprise virtualization

Network satellite

Enterprise virtualization hypervisor

Enterprise virtualization manager

Jboss enterprise service bus

Jboss enterprise soa platform

Jboss enterprise web platform

389 directory server

Policycoreutils

Jboss seam 2 framework

Virtualization manager

See all Products for Vendor Redhat

Copyright 2024, cxsecurity.com