Vulnerabilities > Redhat > Jboss Fuse
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-02 | CVE-2019-14892 | Deserialization of Untrusted Data vulnerability in multiple products A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. | 9.8 |
| 2020-01-23 | CVE-2019-14888 | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. | 5.0 |
| 2020-01-08 | CVE-2019-14820 | Unspecified vulnerability in Redhat products It was found that keycloak before version 8.0.0 exposes internal adapter endpoints in org.keycloak.constants.AdapterConstants, which can be invoked via a specially-crafted URL. | 4.0 |
| 2019-12-20 | CVE-2016-1000229 | Cross-site Scripting vulnerability in multiple products swagger-ui has XSS in key names | 4.3 |
| 2019-11-18 | CVE-2019-10172 | XXE vulnerability in multiple products A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. | 7.5 |
| 2019-10-02 | CVE-2019-10212 | Information Exposure Through Log Files vulnerability in multiple products A flaw was found in, all under 2.0.20, in the Undertow DEBUG log for io.undertow.request.security. | 4.3 |
| 2019-08-01 | CVE-2015-7559 | Improper Input Validation vulnerability in multiple products It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. | 2.7 |
| 2018-08-01 | CVE-2016-8653 | Deserialization of Untrusted Data vulnerability in Redhat Jboss A-Mq and Jboss Fuse It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. | 5.3 |
| 2018-08-01 | CVE-2016-8648 | Deserialization of Untrusted Data vulnerability in Redhat Jboss A-Mq and Jboss Fuse It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. | 7.2 |
| 2018-07-26 | CVE-2017-2589 | It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies are stored locally and are not passed between the client and the end URL) which means all clients using that proxy are sharing the same cookies. | 6.0 |