Redhat Jboss_fuse
11 CVEs affecting Redhat Jboss_fuse. Latest disclosed: 2023-10-10. Critical: 2, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2014-0121 | Critical | 9.8 | 2017-12-29 | The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter. |
CVE-2015-7501 | Critical | 9.8 | 2017-11-09 | Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x… |
CVE-2014-0120 | High | 8.8 | 2017-12-29 | Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for re… |
CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
CVE-2021-4104 | High | 7.5 | 2021-12-14 | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can pro… |
CVE-2014-8175 | | 2015-07-08 | Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account define… | |
CVE-2013-7398 | | 2015-06-24 | main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async Http Client (aka AHC or async-http-client) before 1.9.0 does not require a hostname match du… | |
CVE-2013-7397 | | 2015-06-24 | Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location ar… | |
CVE-2014-5075 | | 2014-10-25 | The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domai… | |
CVE-2014-0085 | | 2014-04-17 | JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local… | |
CVE-2013-4372 | | 2013-09-30 | Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 a… |