Vulnerabilities > Redhat > Jboss Fuse > 6.0.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-18 | CVE-2017-12196 | Incorrect Authorization vulnerability in Redhat products undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. | 4.3 |
| 2017-11-09 | CVE-2015-7501 | Deserialization of Untrusted Data vulnerability in Redhat products Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 9.8 |
| 2015-07-08 | CVE-2014-8175 | Permissions, Privileges, and Access Controls vulnerability in Redhat Jboss Fuse 6.0.0/6.1.0 Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to bypass intended restrictions and access the HawtIO console by leveraging an account defined in the users.properties file. | 6.0 |
| 2014-10-25 | CVE-2014-5075 | Cryptographic Issues vulnerability in multiple products The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | 6.8 |
| 2014-04-17 | CVE-2014-0085 | Credentials Management vulnerability in Redhat Jboss A-Mq and Jboss Fuse JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. | 2.1 |