Jboss a-mq

This hub aggregates every CVE we track for Jboss a-mq, a product in the cloud saas space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Jboss a-mq.

• CVE-2023-6717Keycloak: xss via assertion consumer service url in saml post-binding flow6.0Apr 25, 2024
• CVE-2023-45648Apache Tomcat: Trailer header parsing too lenient5.3Oct 10, 2023
• CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5Oct 10, 2023
• CVE-2023-4066Operator: passwords defined in secrets shown in statefulset yaml5.5Sep 27, 2023
• CVE-2023-4065Operator: plaintext password in operator log5.5Sep 26, 2023
• CVE-2023-33008Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale5.3Jul 7, 2023
• CVE-2023-1664A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak....6.5May 26, 2023
• CVE-2022-41723Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net7.5Feb 28, 2023
• CVE-2022-1278A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.7.5Sep 13, 2022
• CVE-2020-14379A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of service and information disclosure.5.6Aug 16, 2022
• CVE-2022-2048In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associa...7.5Jul 7, 2022
• CVE-2022-23302Deserialization of untrusted data in JMSSink in Apache Log4j 1.x8.8Jan 18, 2022
• CVE-2021-4104Deserialization of untrusted data in JMSAppender in Apache Log4j 1.27.5Dec 14, 2021
• CVE-2021-39144XStream is vulnerable to a Remote Command Execution attackKEV8.5Aug 23, 2021
• CVE-2021-37714Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions7.5Aug 18, 2021