Redhat Jboss Operations Network — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Jboss Operations Network, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2016-6330 — CVSS 9.8 (critical): The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication…
CVE-2015-7501 — CVSS 9.8 (critical): Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise…
CVE-2016-3737 — CVSS 9.8 (critical): The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP…
CVE-2015-0297 — CVSS 9.0 (critical): Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute…
CVE-2016-5422 — CVSS 8.8 (high): The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super…
CVE-2010-0737 — CVSS 8.0 (high): A missing permission check was found in The CLI in JBoss Operations Network before 2.3.1 does not properly check permissions, which allows…
CVE-2021-4104 — CVSS 7.5 (high): JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration…
CVE-2012-5626 — CVSS 7.5 (high): EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss…
CVE-2013-2165 — CVSS 7.5 (high): ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web…
CVE-2019-3834 — CVSS 7.3 (high): It was found that the fix for CVE-2014-0114 had been reverted in JBoss Operations Network 3 (JON). This flaw allows attackers to manipulate…
CVE-2013-4374 — CVSS 7.1 (high): An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.
CVE-2008-5083 — CVSS 6.5 (medium): In JON 2.1.x before 2.1.2 SP1, users can obtain unauthorized security information about private resources managed by JBoss ON.
CVE-2020-14340 — CVSS 5.9 (medium): A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage…
CVE-2012-1100 — CVSS 5.8 (medium): Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and earlier, when LDAP authentication is enabled and the LDAP bind…
CVE-2012-0052 — CVSS 5.8 (medium): Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers…
CVE-2012-0062 — CVSS 5.8 (medium): Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent…
CVE-2011-3206 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in the administration interface in RHQ 4.2.0, as used in JBoss Operations Network (aka…
CVE-2015-3267 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to…
CVE-2014-7853 — CVSS 4.0 (medium): The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not…
CVE-2012-0032 — CVSS 3.7 (low): Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which…
CVE-2011-4573 — CVSS 3.5 (low): Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users…
CVE-2013-4373 — CVSS 3.2 (low): The storeFiles method in JPADriftServerBean in Red Hat JBoss Operations Network (JON) 3.1.2 allows local users to load arbitrary drift…
CVE-2013-4293 — CVSS 2.1 (low): The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs passwords in plaintext, which allows local users to obtain sensitive…
CVE-2013-4452 — CVSS 2.1 (low): Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions for the (1) server and (2) agent configuration files, which allows…