Every CVE whose affected-product data names Redhat Jboss A-mq, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (17)
CVE-2015-7501 — CVSS 9.8 (critical): Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise…
CVE-2021-4104 — CVSS 7.5 (high): JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration…
CVE-2022-1278 — CVSS 7.5 (high): A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.
CVE-2016-8648 — CVSS 7.2 (high): It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to MBeans via…
CVE-2023-1664 — CVSS 6.5 (medium): A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the…
CVE-2020-14379 — CVSS 5.6 (medium): A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial of…
CVE-2023-4066 — CVSS 5.5 (medium): A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in…
CVE-2023-4065 — CVSS 5.5 (medium): A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in…
CVE-2016-8653 — CVSS 5.3 (medium): It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attacker could…
CVE-2021-3536 — CVSS 4.8 (medium): A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible…
CVE-2021-3425 — CVSS 4.4 (medium): A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker application…
CVE-2013-4372 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ…
CVE-2015-7559 — CVSS 2.7 (low): It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker…
CVE-2014-0085 — CVSS 2.1 (low): JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information disclosure…