Max CVSS | 10.0 | Min CVSS | 2.1 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2009-5066 | 2.1 |
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
|
14-02-2024 - 01:17 | 13-08-2012 - 20:55 | |
CVE-2011-2908 | 6.0 |
Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authe
|
13-02-2023 - 04:32 | 23-11-2012 - 20:55 | |
CVE-2012-0874 | 6.8 |
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentica
|
13-02-2023 - 04:32 | 05-02-2013 - 23:55 | |
CVE-2011-1096 | 5.0 |
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtai
|
13-02-2023 - 01:18 | 23-11-2012 - 20:55 | |
CVE-2012-2379 | 10.0 |
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impac
|
13-02-2023 - 00:24 | 03-01-2013 - 01:55 | |
CVE-2011-4575 | 4.3 |
Cross-site scripting (XSS) vulnerability in the JMX console in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to inject arbi
|
13-02-2023 - 00:21 | 05-02-2013 - 23:55 | |
CVE-2012-3546 | 4.3 |
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by leveraging a previous setUserPrincipal call and then
|
19-09-2017 - 01:35 | 19-12-2012 - 11:55 | |
CVE-2012-5478 | 4.9 |
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated
|
29-08-2017 - 01:32 | 05-02-2013 - 23:55 | |
CVE-2012-3370 | 5.8 |
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a s
|
29-08-2017 - 01:31 | 05-02-2013 - 23:55 | |
CVE-2012-3369 | 4.0 |
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via
|
29-08-2017 - 01:31 | 05-02-2013 - 23:55 | |
CVE-2012-2377 | 3.3 |
JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent
|
29-08-2017 - 01:31 | 23-11-2012 - 20:55 | |
CVE-2011-2730 | 7.5 |
VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, and 3.x before 3.0.6, when a container supports Expression Language (EL), evaluates EL expressions in tags twice, which allows remote attackers to obtain sensitive information via
|
09-08-2017 - 01:29 | 05-12-2012 - 17:55 | |
CVE-2012-0034 | 2.1 |
The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows l
|
18-01-2015 - 02:59 | 05-02-2013 - 23:55 |