Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Jboss_enterprise_brms_platform
(Redhat)Repositories | https://github.com/dashbuilder/dashbuilder |
#Vulnerabilities | 23 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2013-02-05 | CVE-2012-3369 | The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used. | Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_web_platform | N/A | ||
2012-11-23 | CVE-2012-2377 | JGroups diagnostics service in JBoss Enterprise Portal Platform before 5.2.2, SOA Platform before 5.3.0, and BRMS Platform before 5.3.0, is enabled without authentication when started by the JGroups channel, which allows remote attackers in adjacent networks to read diagnostics information via a crafted IP multicast. | Jboss_enterprise_brms_platform, Jboss_enterprise_portal_platform, Jboss_enterprise_soa_platform | N/A | ||
2012-11-23 | CVE-2012-1167 | The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications. | Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_platform | N/A | ||
2013-02-05 | CVE-2012-0034 | The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by reading the log file. | Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_web_platform | N/A | ||
2014-02-10 | CVE-2011-4610 | JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via vectors related to a crafted UTF-8 and a "surrogate pair character" that is "at the boundary of an internal buffer." | Jboss_communications_platform, Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_web_platform | N/A |