← Back

Jboss

jboss

13 CVEs • 9 products

Products (9)

Click to collapse
Toggle
Jboss
jboss
3 CVEs
Jboss Application Server
jboss_application_server
3 CVEs
Enterprise Application Platform
enterprise_application_platform
2 CVEs
Jbpm
jbpm
1 CVE
Seam
seam
1 CVE
Ironjacamar
ironjacamar
1 CVE
Teiid
teiid
1 CVE
Jboss Remoting
jboss-remoting
1 CVE
Enterprise Java Beans
enterprise_java_beans
0 CVEs

CVEs (13)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2018-1041
2Jboss
Redhat
2Jboss Remoting
Jboss Enterprise Application Platform
Nov 21, 2024
Feb 15, 2018
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an in...Show more
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.Show less
CVE-2016-2094
1Jboss
1Enterprise Application Platform
May 6, 2026
May 6, 2016
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability.
CVE-2014-0170
2Jboss
Redhat
2Jboss Data Virtualization
Teiid
May 6, 2026
Sep 30, 2014
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XX...Show more
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.Show less
CVE-2012-3428
1Jboss
1Ironjacamar
Apr 29, 2026
Dec 20, 2012
N/A· v4
N/A· v3
4.3 MEDIUM· v2
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function ca...Show more
The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource connection in opportunistic circumstances via an invalid connection attempt.Show less
CVE-2008-3273
1Jboss
1Enterprise Application Platform
Apr 23, 2026
Aug 10, 2008
N/A· v4
N/A· v3
5.0 MEDIUM· v2
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the statu...Show more
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.Show less
CVE-2007-6433
1Jboss
1Seam
Apr 23, 2026
Dec 18, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter.
CVE-2007-1354
1Jboss
1Jboss Application Server
Apr 23, 2026
Jul 27, 2007
N/A· v4
N/A· v3
6.0 MEDIUM· v2
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote a...Show more
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.Show less
CVE-2007-1157
1Jboss
1Jboss
Apr 23, 2026
Mar 2, 2007
N/A· v4
N/A· v3
7.6 HIGH· v2
Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE...Show more
Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.Show less
CVE-2007-1036
1Jboss
1Jboss Application Server
Apr 23, 2026
Feb 21, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
CVE-2006-5750
1Jboss
1Jboss Application Server
Apr 23, 2026
Nov 27, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute...Show more
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager.Show less
CVE-2005-2158
1Jboss
1Jbpm
Apr 16, 2026
Jul 6, 2005
N/A· v4
N/A· v3
7.5 HIGH· v2
A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845.
CVE-2005-2006
1Jboss
1Jboss
Apr 16, 2026
Jun 17, 2005
N/A· v4
N/A· v3
5.0 MEDIUM· v2
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename...Show more
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.Show less
CVE-2003-0845
1Jboss
1Jboss
Apr 16, 2026
Nov 17, 2003
N/A· v4
N/A· v3
7.5 HIGH· v2
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute a...Show more
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.Show less