Vulnerabilities > Apache > Karaf > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-26 | CVE-2022-22932 | Path Traversal vulnerability in Apache Karaf Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. | 5.3 |
| 2020-06-12 | CVE-2020-11980 | Server-Side Request Forgery (SSRF) vulnerability in Apache Karaf In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. | 6.3 |
| 2019-05-09 | CVE-2019-0226 | Path Traversal vulnerability in Apache Karaf Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. | 4.9 |
| 2019-03-21 | CVE-2019-0191 | Path Traversal vulnerability in Apache Karaf Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. | 6.5 |
| 2018-02-19 | CVE-2016-8750 | LDAP Injection vulnerability in Apache Karaf Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. | 6.5 |
| 2017-11-15 | CVE-2014-0219 | Improper Input Validation vulnerability in Apache Karaf Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports. | 5.5 |