Vulnerabilities > Redhat > Jboss Enterprise WEB Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-28 | CVE-2020-25710 | Reachable Assertion vulnerability in multiple products A flaw was found in OpenLDAP in versions before 2.4.56. | 7.5 |
| 2020-01-23 | CVE-2012-5626 | Unspecified vulnerability in Redhat products EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | 5.0 |
| 2019-12-19 | CVE-2019-19906 | Off-by-one Error vulnerability in multiple products cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in OpenLDAP via a malformed LDAP packet. | 7.5 |
| 2019-12-15 | CVE-2014-3701 | Race Condition vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy has tmp file race condition flaws | 9.3 |
| 2019-12-15 | CVE-2014-3699 | Deserialization of Untrusted Data vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy has RCE via cPickle deserialization of untrusted data | 7.5 |
| 2019-12-06 | CVE-2012-2148 | Improper Privilege Management vulnerability in Redhat products An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | 1.9 |
| 2019-11-21 | CVE-2014-3700 | Injection vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | 7.5 |
| 2019-11-13 | CVE-2014-3655 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Enterprise web Server and Keycloak JBoss KeyCloak is vulnerable to soft token deletion via CSRF | 4.3 |
| 2019-11-01 | CVE-2011-3923 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | 9.8 |
| 2019-02-27 | CVE-2019-1559 | Information Exposure Through Discrepancy vulnerability in multiple products If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. | 5.9 |