Apache Tomee
10 CVEs affecting Apache Tomee. Latest disclosed: 2021-09-19. Critical: 4, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-13931 | Critical | 9.8 | 2020-12-18 | If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is mi… |
CVE-2020-11969 | Critical | 9.8 | 2020-06-15 | If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099… |
CVE-2019-13990 | Critical | 9.8 | 2019-07-26 | initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description. |
CVE-2016-0779 | Critical | 9.8 | 2017-04-11 | The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized… |
CVE-2021-40690 | High | 7.5 | 2021-09-19 | All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passe… |
CVE-2021-30468 | High | 7.5 | 2021-06-16 | A vulnerability in the JsonMapObjectReaderWriter of Apache CXF allows an attacker to submit malformed JSON to a web service, which results in the thread gettin… |
CVE-2019-17359 | High | 7.5 | 2019-10-08 | The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted… |
CVE-2018-8031 | Medium | 6.1 | 2018-07-23 | The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web appl… |
CVE-2021-33037 | Medium | 5.3 | 2021-07-12 | Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstanc… |
CVE-2019-17569 | Medium | 4.8 | 2020-02-24 | The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that… |