High severity7.2NVD Advisory· Published Aug 1, 2018· Updated Jun 17, 2026
CVE-2016-8648
CVE-2016-8648
Description
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via JMX operations. An attacker could use this flaw to execute remote code on the server as the user running the Java Virtual Machine if the target MBean contain deserialization gadgets in its classpath.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: 6.x
- Range: 6.x
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/94513nvdThird Party AdvisoryVDB Entry
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingMitigationThird Party Advisory
News mentions
0No linked articles in our index yet.