Product:

Jboss_operations_network

(Redhat)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 22
Date ID Summary Products Score Patch
2019-11-08 CVE-2008-5083 In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON. Jboss_operations_network N/A
2019-11-04 CVE-2013-4374 An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files. Jboss_operations_network, Rhq_mongo_db_drift_server N/A
2019-10-30 CVE-2010-0737 A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows JBoss ON users to perform management tasks and configuration changes with the privileges of the administrator user. Jboss_operations_network N/A
2019-10-03 CVE-2019-3834 It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate ClassLoader properties on a vulnerable server. Exploits that have been published rely on ClassLoader properties that are exposed such as those in JON 3. Additional information can be found in the Red Hat Knowledgebase article: https://access.redhat.com/site/solutions/869353. Note that while multiple products released patches for the original... Jboss_operations_network N/A
2018-01-10 CVE-2017-17485 FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. Debian_linux, Jackson, Jackson\-Databind, Jboss_bpm_suite, Jboss_brms, Jboss_enterprise_application_platform, Jboss_operations_network 9.8
2016-09-27 CVE-2016-6330 The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737. Jboss_operations_network 9.8
2016-09-07 CVE-2016-5422 The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request. Jboss_operations_network 8.8
2016-08-02 CVE-2016-3737 The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. Jboss_operations_network 9.8
2017-11-09 CVE-2015-7501 Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache... Data_grid, Jboss_a\-Mq, Jboss_bpm_suite, Jboss_data_virtualization, Jboss_enterprise_application_platform, Jboss_enterprise_brms_platform, Jboss_enterprise_soa_platform, Jboss_enterprise_web_server, Jboss_fuse, Jboss_fuse_service_works, Jboss_operations_network, Jboss_portal, Openshift, Subscription_asset_manager, Xpaas 9.8
2015-08-11 CVE-2015-3267 Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. Jboss_operations_network N/A