Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

Enterprise Application Platform

Jboss EAP

The JBoss Enterprise Application Platform is a subscription-based/open-source Java EE-based application server runtime platform used for building deploying and hosting highly-transactional Java applications and services developed and maintained by Red Hat

Official Site:

https://www.redhat.com/en/technologies/jboss-middleware/application-platform

Severity Summary:

Critical: 34 High: 77 Medium: 101 Low: 16
Reference
Title
Severity
CVE-2012-4549
Jboss EAP Permissions Privileges and Access Controls Vulnerability
Medium
CVE-2011-4085
Jboss EAP Improper Authentication Vulnerability
Medium
CVE-2011-2487
Jboss EAP Use of a Broken or Risky Cryptographic Algorithm Vulnerability
Medium
CVE-2019-3872
Jboss EAP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-5220
Jboss EAP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability
Medium
CVE-2018-14642
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2016-7061
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2017-2595
Jboss EAP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2018-10862
Jboss EAP Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2017-2666
Jboss EAP Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling) Vulnerability
Medium
CVE-2017-2582
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2018-10237
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability
Medium
CVE-2015-5188
Jboss EAP Cross-Site Request Forgery (CSRF) Vulnerability
Medium
CVE-2015-1849
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2015-5178
Jboss EAP 7PK - Security Features Vulnerability
Medium
CVE-2018-10934
Jboss EAP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-10693
Jboss EAP Improper Input Validation Vulnerability
Medium
CVE-2020-1732
Jboss EAP Improper Input Validation Vulnerability
Medium
CVE-2019-14885
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2019-14820
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2019-10219
Jboss EAP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-3805
Jboss EAP Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition) Vulnerability
Medium
CVE-2018-1000873
Jboss EAP Improper Input Validation Vulnerability
Medium
CVE-2013-6495
Jboss EAP Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2017-12167
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2016-8627
Jboss EAP Uncontrolled Resource Consumption Vulnerability
Medium
CVE-2017-12196
Jboss EAP Incorrect Authorization Vulnerability
Medium
CVE-2016-9585
Jboss EAP Deserialization of Untrusted Data Vulnerability
Medium
CVE-2016-6311
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2016-7046
Jboss EAP Resource Management Errors Vulnerability
Medium