Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Redhat Subscribe
Filtered by product Jboss Enterprise Application Platform
Total 230 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-8657 1 Redhat 2 Enterprise Linux, Jboss Enterprise Application Platform 2024-11-21 7.2 HIGH 7.8 HIGH
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted.
CVE-2016-8656 1 Redhat 1 Jboss Enterprise Application Platform 2024-11-21 4.6 MEDIUM 7.0 HIGH
Jboss jbossas before versions 5.2.0-23, 6.4.13, 7.0.5 is vulnerable to an unsafe file handling in the jboss init script which could result in local privilege escalation.
CVE-2016-8627 1 Redhat 2 Jboss Enterprise Application Platform, Keycloak 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired.
CVE-2016-7066 1 Redhat 1 Jboss Enterprise Application Platform 2024-11-21 4.6 MEDIUM 7.8 HIGH
It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.
CVE-2016-7061 1 Redhat 2 Enterprise Linux, Jboss Enterprise Application Platform 2024-11-21 4.0 MEDIUM 3.5 LOW
An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.
CVE-2014-0169 1 Redhat 1 Jboss Enterprise Application Platform 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application.
CVE-2013-6495 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Portal 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
JBossWeb Bayeux has reflected XSS
CVE-2012-5626 1 Redhat 6 Jboss Brms, Jboss Enterprise Application Platform, Jboss Enterprise Web Server and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
CVE-2012-2312 1 Redhat 2 Jboss Application Server, Jboss Enterprise Application Platform 2024-11-21 4.6 MEDIUM 7.8 HIGH
An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.
CVE-2011-2487 2 Apache, Redhat 10 Cxf, Wss4j, Jboss Business Rules Management System and 7 more 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.