Vulnerabilities > Redhat > Jboss Enterprise WEB Server

DATE CVE VULNERABILITY TITLE RISK
2021-05-28 CVE-2020-25710 A flaw was found in OpenLDAP in versions before 2.4.56.
network
low complexity
openldap redhat debian fedoraproject
7.5
2020-01-23 CVE-2012-5626 Unspecified vulnerability in Redhat products
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation.
network
low complexity
redhat
7.5
2019-12-19 CVE-2019-19906 Off-by-one Error vulnerability in multiple products
cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet.
7.5
2019-12-15 CVE-2014-3701 Race Condition vulnerability in Redhat Edeploy and Jboss Enterprise web Server
eDeploy has tmp file race condition flaws
network
high complexity
redhat CWE-362
8.1
2019-12-15 CVE-2014-3699 Deserialization of Untrusted Data vulnerability in Redhat Edeploy and Jboss Enterprise web Server
eDeploy has RCE via cPickle deserialization of untrusted data
network
low complexity
redhat CWE-502
critical
9.8
2019-12-06 CVE-2012-2148 Improper Privilege Management vulnerability in Redhat products
An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies
local
low complexity
redhat CWE-269
3.3
2019-11-21 CVE-2014-3700 Injection vulnerability in Redhat Edeploy and Jboss Enterprise web Server
eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data
network
low complexity
redhat CWE-74
critical
9.8
2019-11-13 CVE-2014-3655 Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Enterprise web Server and Keycloak
JBoss KeyCloak is vulnerable to soft token deletion via CSRF
network
low complexity
redhat CWE-352
4.3
2019-11-01 CVE-2011-3923 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands.
network
low complexity
apache redhat CWE-732
critical
9.8
2019-02-27 CVE-2019-1559 Information Exposure Through Discrepancy vulnerability in multiple products
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC.
5.9