redhat jboss a mq
17 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-44487
all versions
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5
HIGH
CVE-2023-4066
all versions
A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in A
5.5
MEDIUM
CVE-2023-4065
all versions
A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plai
5.5
MEDIUM
CVE-2023-1664
all versions
A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and t
6.5
MEDIUM
CVE-2022-1278
all versions
A flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may conta
7.5
HIGH
CVE-2020-14379
all versions
A flaw was found in Red Hat AMQ Broker in a way that a XEE attack can be done via Broker's configuration files, leading to denial
5.6
MEDIUM
CVE-2021-4104
all versions
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j config
7.5
HIGH
CVE-2021-3425
all versions
A flaw was found in the AMQ Broker that discloses JDBC encrypted usernames and passwords when provided in the AMQ Broker applicati
4.4
MEDIUM
CVE-2021-3536
all versions
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is
4.8
MEDIUM
CVE-2015-7559
all versions
It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An a
2.7
LOW
CVE-2016-8653
all versions
It was found that the JMX endpoint of Red Hat JBoss Fuse 6, and Red Hat A-MQ 6 deserializes the credentials passed to it. An attac
5.3
MEDIUM
CVE-2016-8648
all versions
It was found that the Karaf container used by Red Hat JBoss Fuse 6.x, and Red Hat JBoss A-MQ 6.x, deserializes objects passed to M
7.2
HIGH
CVE-2015-7501
all versions
Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp
9.8
CRITICAL
CVE-2015-5183
all versions
Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ.
7.5
HIGH
CVE-2015-5181
<= 6.0
The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript.
5.4
MEDIUM
CVE-2014-0085
all versions
JBoss Fuse did not enable encrypted passwords by default in its usage of Apache Zookeeper. This permitted sensitive information di
CVE-2013-4372
all versions
Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBos
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin