Every CVE whose affected-product data names Apache Karaf, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2022-40145 — CVSS 9.8 (critical): This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The…
CVE-2018-11788 — CVSS 9.8 (critical): Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy…
CVE-2018-11786 — CVSS 8.8 (high): In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any…
CVE-2020-28052 — CVSS 8.1 (high): An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared…
CVE-2018-11787 — CVSS 8.1 (high): In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at…
CVE-2021-41766 — CVSS 8.1 (high): Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based…
CVE-2016-8750 — CVSS 6.5 (medium): Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encoding usernames…
CVE-2019-0191 — CVSS 6.5 (medium): Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It…
CVE-2020-11980 — CVSS 6.3 (medium): In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually…
CVE-2014-0219 — CVSS 5.5 (medium): Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service…
CVE-2022-22932 — CVSS 5.3 (medium): Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected…
CVE-2019-0226 — CVSS 4.9 (medium): Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite…