Vulnerabilities > Redhat > Jboss Fuse > High

DATE CVE VULNERABILITY TITLE RISK
2020-05-13 CVE-2020-1714 Improper Input Validation vulnerability in multiple products
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks.
network
low complexity
redhat quarkus CWE-20
8.8
2020-05-12 CVE-2020-1718 Improper Authentication vulnerability in Redhat Keycloak
A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0.
network
low complexity
redhat CWE-287
8.8
2020-04-21 CVE-2020-1757 Improper Input Validation vulnerability in Redhat products
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass.
network
low complexity
redhat CWE-20
8.1
2020-01-23 CVE-2019-14888 A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS.
network
low complexity
redhat netapp
7.5
2019-11-18 CVE-2019-10172 A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries.
network
low complexity
fasterxml redhat debian apache
7.5
2018-08-01 CVE-2016-8648 Unspecified vulnerability in Redhat Jboss A-Mq and Jboss Fuse
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations.
network
low complexity
redhat
7.2
2017-12-29 CVE-2014-0120 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f."
network
low complexity
hawt redhat CWE-352
8.8