National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): JBOSS
  • Search Type: Search Last 3 Months
  • Contains Software Flaws (CVE)
There are 8 matching records.
Vuln ID Summary CVSS Severity

A CSRF issue was found in JBoss Application Server 7 before 7.1.0. JBoss did not properly restrict access to the management console information (for example via the "Access-Control-Allow-Origin" HTTP access control flag). This can lead to unauthorized information leak if a user with admin privileges visits a specially-crafted web page provided by a remote attacker.

Published: November 25, 2019; 10:15:10 PM -05:00
(not available)

A DOM-based cross-site scripting flaw was found in the JBoss Application Server 7 before 7.1.0 Beta 1 administration console. A remote attacker could provide a specially-crafted web page and trick a valid JBoss AS user with administrator privilege into visiting it, which would lead to DOM environment modification and arbitrary HTML or web script execution.

Published: November 25, 2019; 09:15:10 PM -05:00
(not available)

JBoss KeyCloak is vulnerable to soft token deletion via CSRF

Published: November 13, 2019; 11:15:10 AM -05:00
V3.1: 4.3 MEDIUM
V2: 4.3 MEDIUM

JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter.

Published: November 12, 2019; 06:15:09 PM -05:00
V3.1: 6.1 MEDIUM
V2: 4.3 MEDIUM

In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.

Published: November 07, 2019; 07:15:10 PM -05:00
V3.1: 6.5 MEDIUM
V2: 4.0 MEDIUM

JBoss AeroGear has reflected XSS via the password field

Published: November 04, 2019; 10:15:11 AM -05:00
V3.1: 6.1 MEDIUM
V2: 4.3 MEDIUM

A missing permission check was found in the CLI in JBoss Operations Network before 2.3.1: the CLI does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.

Published: October 30, 2019; 07:15:09 PM -04:00
V3.1: 8.0 HIGH
V2: 5.2 MEDIUM

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3.

Published: October 03, 2019; 10:15:11 AM -04:00
V3.1: 7.3 HIGH
V2: 6.8 MEDIUM