VYPR

Enterprise Application Platform

by JBoss

CVEs (7)

  • CVE-2016-7066 · High · Sep 11, 2018
    risk 0.51 · cvss 7.8 · epss 0.00

    It was found that the improper default permissions on /tmp/auth directory in JBoss Enterprise Application Platform before 7.1.0 can allow any local user to connect to CLI and allow the user to execute any arbitrary operations.

  • CVE-2016-2094 · High · May 6, 2016
    risk 0.49 · cvss 7.5 · epss 0.03

    The HTTPS NIO Connector allows remote attackers to cause a denial of service (thread consumption) by opening a socket and not sending an SSL handshake, aka a read-timeout vulnerability.

  • CVE-2016-7061 · Low · Sep 10, 2018
    risk 0.23 · cvss 3.5 · epss 0.02

    An information disclosure vulnerability was found in JBoss Enterprise Application Platform before 7.0.4. It was discovered that when configuring RBAC and marking information as sensitive, users with a Monitor role are able to view the sensitive information.

  • CVE-2008-3273 · Aug 10, 2008
    risk 0.07 · cvss - · epss 0.47

    JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.

  • CVE-2014-5401 · Mar 26, 2019
    risk 0.00 · cvss - · epss 0.05

    Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the target system. Hospira has developed a new version of the MedNet software, MedNet…

  • CVE-2014-3586 · Apr 21, 2015
    risk 0.00 · cvss - · epss 0.00

    The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-history, which allows local users to obtain sensitive information via unspecified…

  • CVE-2009-0027 · Mar 9, 2009
    risk 0.00 · cvss - · epss 0.02

    The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote…