Jboss A Mq
Sign in to watchby Red Hat
Source repositories
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-5183 | Hig | 0.49 | 7.5 | 0.00 | Sep 25, 2017 | Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. | |
| CVE-2015-5181 | Med | 0.35 | 5.4 | 0.00 | Sep 25, 2017 | The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | |
| CVE-2014-0085 | 0.00 | — | 0.00 | Apr 17, 2014 | JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure via logging to local users. Note: this description has been updated; previous text mistakenly identified the source of the flaw as Zookeeper. Previous text: Apache Zookeeper logs cleartext admin passwords, which allows local users to obtain sensitive information by reading the log. | ||
| CVE-2013-4372 | 0.00 | — | 0.00 | Sep 30, 2013 | Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page. |