VYPR

Maven package

org.apache.karaf.management/org.apache.karaf.management.server

pkg:maven/org.apache.karaf.management/org.apache.karaf.management.server

Vulnerabilities (2)

  • CVE-2021-41766, Jan 26, 2022
    affected < 4.3.6, fixed 4.3.6

    Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI-based technology that relies on Java serialized objects for client-server communication. Whereas the default JMX implementation is hardened against

  • CVE-2020-11980, Jun 12, 2020
    affected < 4.2.9, fixed 4.2.9

    In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However, there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg