National Vulnerability Database

Search Results

Search Parameters:
  • Keyword (text search): JBOSS
  • Search Type: Search Last 3 Months
  • Contains Software Flaws (CVE)
There are 4 matching records.
Vuln ID Summary CVSS Severity

In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.

Published: November 07, 2019; 07:15:10 PM -05:00
(not available)

JBoss AeroGear has reflected XSS via the password field

Published: November 04, 2019; 10:15:11 AM -05:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM

The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user.

Published: October 30, 2019; 07:15:09 PM -04:00
V3.1: 8.0 HIGH
    V2: 5.2 MEDIUM

It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: Note that while multiple products released patches for the original CVE-2014-0114 flaw, the reversion described by this CVE-2019-3834 flaw only occurred in JON 3.

Published: October 03, 2019; 10:15:11 AM -04:00
V3.1: 7.3 HIGH
    V2: 6.8 MEDIUM