Vulnerabilities > Redhat > Jboss Enterprise WEB Server > 1.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-23 | CVE-2012-5626 | Unspecified vulnerability in Redhat products EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | 5.0 |
| 2019-12-15 | CVE-2014-3701 | Race Condition vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy has tmp file race condition flaws | 9.3 |
| 2019-12-15 | CVE-2014-3699 | Deserialization of Untrusted Data vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy has RCE via cPickle deserialization of untrusted data | 7.5 |
| 2019-12-06 | CVE-2012-2148 | Improper Privilege Management vulnerability in Redhat products An issue exists in the property replacements feature in any descriptor in JBoxx AS 7.1.1 ignores java security policies | 1.9 |
| 2019-11-21 | CVE-2014-3700 | Injection vulnerability in Redhat Edeploy and Jboss Enterprise web Server eDeploy through at least 2014-10-14 has remote code execution due to eval() of untrusted data | 7.5 |
| 2019-11-13 | CVE-2014-3655 | Cross-Site Request Forgery (CSRF) vulnerability in Redhat Jboss Enterprise web Server and Keycloak JBoss KeyCloak is vulnerable to soft token deletion via CSRF | 4.3 |
| 2019-11-01 | CVE-2011-3923 | Incorrect Permission Assignment for Critical Resource vulnerability in multiple products Apache Struts before 2.3.1.2 allows remote attackers to bypass security protections in the ParameterInterceptor class and execute arbitrary commands. | 9.8 |
| 2017-09-25 | CVE-2015-5184 | Unspecified vulnerability in Redhat AMQ and Jboss Enterprise web Server Console: CORS headers set to allow all in Red Hat AMQ. | 7.5 |
| 2017-09-25 | CVE-2015-5183 | Unspecified vulnerability in Redhat Amq, Jboss A-Mq and Jboss Enterprise web Server Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. | 7.5 |
| 2016-09-01 | CVE-2016-2183 | Information Exposure vulnerability in multiple products The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | 7.5 |