Vulnerabilities > Apache > Karaf > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-26 | CVE-2021-41766 | Deserialization of Untrusted Data vulnerability in Apache Karaf Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). | 8.1 |
| 2020-12-18 | CVE-2020-28052 | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. | 8.1 |
| 2018-09-18 | CVE-2018-11787 | Improper Authentication vulnerability in Apache Karaf In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. | 8.1 |
| 2018-09-18 | CVE-2018-11786 | Improper Privilege Management vulnerability in Apache Karaf In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. | 8.8 |