Vulnerabilities > Redhat > Jboss Fuse > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-05-13 | CVE-2020-1714 | Improper Input Validation vulnerability in multiple products A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. | 8.8 |
2020-05-12 | CVE-2020-1718 | Improper Authentication vulnerability in Redhat Keycloak A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. | 8.8 |
2020-04-21 | CVE-2020-1757 | Improper Input Validation vulnerability in Redhat products A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass. | 8.1 |
2020-01-23 | CVE-2019-14888 | A vulnerability was found in the Undertow HTTP server in versions before 2.0.28.SP1 when listening on HTTPS. | 7.5 |
2019-11-18 | CVE-2019-10172 | A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries. | 7.5 |
2018-08-01 | CVE-2016-8648 | Unspecified vulnerability in Redhat Jboss A-Mq and Jboss Fuse It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. | 7.2 |
2017-12-29 | CVE-2014-0120 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf server, as demonstrated by running "shutdown -f." | 8.8 |