Filtered by vendor Redhat Subscriptions
Filtered by product Jboss Enterprise Application Platform Subscriptions
Total 568 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2014-0169 1 Redhat 1 Jboss Enterprise Application Platform 2024-11-21 6.5 Medium
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application.
CVE-2013-6495 1 Redhat 3 Jboss Enterprise Application Platform, Jboss Enterprise Portal Platform, Jboss Portal 2024-11-21 6.1 Medium
JBossWeb Bayeux has reflected XSS
CVE-2012-5626 1 Redhat 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more 2024-11-21 7.5 High
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
CVE-2012-2312 1 Redhat 2 Jboss Application Server, Jboss Enterprise Application Platform 2024-11-21 7.8 High
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.
CVE-2011-2487 2 Apache, Redhat 12 Cxf, Wss4j, Jboss Business Rules Management System and 9 more 2024-11-21 5.9 Medium
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
CVE-2024-47535 2 Netty, Redhat 4 Netty, Amq Streams, Jboss Enterprise Application Platform and 1 more 2024-11-13 5.5 Medium
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
CVE-2023-1973 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus 2024-11-08 7.5 High
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
CVE-2024-8391 3 Eclipse, Eclipse Foundation, Redhat 6 Vert.x, Vert.x, Camel Quarkus and 3 more 2024-09-12 7.5 High
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client).  This is fixed in the 4.5.10 version.  Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc)