Jboss brms

This hub aggregates every CVE we track for Jboss brms, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 13 most recently published vulnerabilities affecting Jboss brms.

• CVE-2021-37714Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions7.5Aug 18, 2021
• CVE-2020-14340A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a deni...5.9Jun 2, 2021
• CVE-2012-5626EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; ...7.5Jan 23, 2020
• CVE-2010-3857JBoss BRMS before 5.1.0 has a XSS vulnerability via asset=UUID parameter.6.1Nov 12, 2019
• CVE-2018-12022An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db...7.5Mar 17, 2019
• CVE-2018-12023An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle ...7.5Mar 17, 2019
• CVE-2018-19362FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.9.8Jan 2, 2019
• CVE-2018-19361FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.9.8Jan 2, 2019
• CVE-2018-19360FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.9.8Jan 2, 2019
• CVE-2016-7041Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affect...6.5Sep 10, 2018
• CVE-2018-8088org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module...9.8Mar 20, 2018
• CVE-2015-7501Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Servi...9.8Nov 9, 2017
• CVE-2012-6153http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAlt...4.3Sep 4, 2014