threatengine.sh
Product: Apache Karaf
13 known vulnerabilities across versions
Vulnerabilities are listed by affected version.
CVE-2022-40145 · affected: < 4.3.8 · CVSS 9.8 (CRITICAL)
This vulnerability is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI
CVE-2022-22932 · affected: < 4.2.15 · CVSS 5.3 (MEDIUM)
Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expect
CVE-2021-41766 · affected: < 4.3.6 · CVSS 8.1 (HIGH)
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java R
CVE-2020-28052 · affected: all versions · CVSS 8.1 (HIGH)
An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compa
CVE-2020-11980 · affected: < 4.2.9 · CVSS 6.3 (MEDIUM)
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can
CVE-2019-0226 · affected: < 4.2.5 · CVSS 4.9 (MEDIUM)
Apache Karaf Config service provides an install method (via service or MBean) that could be used to travel in any directory and ove
CVE-2019-0191 · affected: < 4.2.3 · CVSS 6.5 (MEDIUM)
Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip fi
CVE-2018-11788 · affected: < 4.1.7 · CVSS 9.8 (CRITICAL)
Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the
CVE-2018-11787 · affected: < 3.0.9 · CVSS 8.1 (HIGH)
In Apache Karaf versions prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../sy
CVE-2018-11786 · affected: < 4.2.0 · CVSS 8.8 (HIGH)
In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instanc
CVE-2016-8750 · affected: < 4.0.8 · CVSS 6.5 (MEDIUM)
Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate users to a directory via LDAP. However, it did not encode u
CVE-2017-1000406 · affected: all versions · CVSS 7.5 (HIGH)
OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a password change, allowing the old password to be used until the K
CVE-2014-0219 · affected: < 4.0.10 · CVSS 5.5 (MEDIUM)
Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of servic
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin