Jboss operations network

This hub aggregates every CVE we track for Jboss operations network, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Jboss operations network.

• CVE-2021-3644A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management inte...3.3Aug 26, 2022
• CVE-2022-24823Local Information Disclosure Vulnerability in io.netty:netty-codec-http5.5May 6, 2022
• CVE-2022-23302Deserialization of untrusted data in JMSSink in Apache Log4j 1.x8.8Jan 18, 2022
• CVE-2021-4104Deserialization of untrusted data in JMSAppender in Apache Log4j 1.27.5Dec 14, 2021
• CVE-2021-43797HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling6.5Dec 9, 2021
• CVE-2020-14340A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a deni...5.9Jun 2, 2021
• CVE-2012-5626EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; ...7.5Jan 23, 2020
• CVE-2019-10174A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispa...8.8Nov 25, 2019
• CVE-2008-5083In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.6.5Nov 7, 2019
• CVE-2013-4374An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.7.1Nov 4, 2019
• CVE-2010-0737A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configurati...8.0Oct 30, 2019
• CVE-2019-3834It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits t...7.3Oct 3, 2019
• CVE-2018-8088org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module...9.8Mar 20, 2018
• CVE-2017-17485FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is explo...9.8Jan 10, 2018
• CVE-2015-7501Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Servi...9.8Nov 9, 2017