Red hat jboss a-mq

This hub aggregates every CVE we track for Red hat jboss a-mq, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Red hat jboss a-mq.

• CVE-2022-4245Codehaus-plexus: xml external entity (xxe) injection4.3Sep 25, 2023
• CVE-2023-34462netty-handler SniHandler 16MB allocation6.5Jun 22, 2023
• CVE-2023-35116jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that ...4.7Jun 14, 2023
• CVE-2023-1664A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak....6.5May 26, 2023
• CVE-2023-20861In Spring Framework versions 6.0.0 - 6.0.6, 5.3.0 - 5.3.25, 5.2.0.RELEASE - 5.2.22.RELEASE, and older unsupported versions, it is possible for a user to provide a specially crafted SpEL expression ...6.5Mar 23, 2023
• CVE-2022-24823Local Information Disclosure Vulnerability in io.netty:netty-codec-http5.5May 6, 2022
• CVE-2022-25647Deserialization of Untrusted Data7.7May 1, 2022
• CVE-2020-36518jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.7.5Mar 11, 2022
• CVE-2021-43797HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling6.5Dec 9, 2021
• CVE-2016-4437​Уязвимость реализации функции «Remember Me» фреймворка Apache Shiro, позволяющая нарушителю выполнить произвольный код или обойти ограничения безопасности8.1Nov 25, 2021
• CVE-2021-21348XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)5.3Mar 22, 2021
• CVE-2021-21349A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host6.1Mar 22, 2021
• CVE-2021-21350XStream is vulnerable to an Arbitrary Code Execution attack5.3Mar 22, 2021
• CVE-2021-21351XStream is vulnerable to an Arbitrary Code Execution attack5.4Mar 22, 2021
• CVE-2021-21342A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host5.3Mar 22, 2021