Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for jboss_fuse_service_works by redhat

    CVE-2021-4104 (GCVE-0-2021-4104)

    Vulnerability from nvd – Published: 2021-12-14 00:00 – Updated: 2026-05-28 19:53
    VLAI
    Title
    Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
    Summary
    JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Log4j 1.x Affected: Apache Log4j 1.2 1.2.x
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2021-4104"
              },
              {
                "name": "VU#930724",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/930724"
              },
              {
                "name": "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211223-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "name": "GLSA-202209-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202209-02"
              },
              {
                "name": "GLSA-202310-16",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-16"
              },
              {
                "name": "GLSA-202312-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202312-02"
              },
              {
                "name": "GLSA-202312-04",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202312-04"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-4104",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-20T16:29:18.701121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T19:53:14.378Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j 1.x",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache Log4j 1.2 1.2.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T09:06:15.357Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
            },
            {
              "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
            },
            {
              "url": "https://access.redhat.com/security/cve/CVE-2021-4104"
            },
            {
              "name": "VU#930724",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "name": "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211223-0007/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "GLSA-202209-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202209-02"
            },
            {
              "name": "GLSA-202310-16",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202310-16"
            },
            {
              "name": "GLSA-202312-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202312-02"
            },
            {
              "name": "GLSA-202312-04",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202312-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-4104",
        "datePublished": "2021-12-14T00:00:00.000Z",
        "dateReserved": "2021-12-13T00:00:00.000Z",
        "dateUpdated": "2026-05-28T19:53:14.378Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-7501 (GCVE-0-2015-7501)

    Vulnerability from nvd – Published: 2017-11-09 00:00 – Updated: 2024-08-06 07:51
    VLAI ENISA
    Summary
    Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2016-0040.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2670.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2501.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2517.html vendor-advisory
    http://www.securityfocus.com/bid/78215 vdb-entry
    http://www.securitytracker.com/id/1034097 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2671.html vendor-advisory
    http://www.securitytracker.com/id/1037052 vdb-entry
    http://www.securitytracker.com/id/1037640 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2522.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2521.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2516.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2500.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2514.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2502.html vendor-advisory
    https://rhn.redhat.com/errata/RHSA-2015-2536.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2016-1773.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2524.html vendor-advisory
    http://www.securitytracker.com/id/1037053 vdb-entry
    https://bugzilla.redhat.com/show_bug.cgi?id=1279330
    https://access.redhat.com/solutions/2045023
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    https://access.redhat.com/security/vulnerabilitie…
    http://www.oracle.com/technetwork/security-adviso…
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://security.netapp.com/advisory/ntap-2024021…
    Date Public
    2015-11-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:0040",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
              },
              {
                "name": "RHSA-2015:2670",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
              },
              {
                "name": "RHSA-2015:2501",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
              },
              {
                "name": "RHSA-2015:2517",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
              },
              {
                "name": "78215",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/78215"
              },
              {
                "name": "1034097",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034097"
              },
              {
                "name": "RHSA-2015:2671",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
              },
              {
                "name": "1037052",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037052"
              },
              {
                "name": "1037640",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037640"
              },
              {
                "name": "RHSA-2015:2522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
              },
              {
                "name": "RHSA-2015:2521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
              },
              {
                "name": "RHSA-2015:2516",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
              },
              {
                "name": "RHSA-2015:2500",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
              },
              {
                "name": "RHSA-2015:2514",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
              },
              {
                "name": "RHSA-2015:2502",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
              },
              {
                "name": "RHSA-2015:2536",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
              },
              {
                "name": "RHSA-2016:1773",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
              },
              {
                "name": "RHSA-2015:2524",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
              },
              {
                "name": "1037053",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037053"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/solutions/2045023"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/vulnerabilities/2059393"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-16T13:06:08.221Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:0040",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
            },
            {
              "name": "RHSA-2015:2670",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
            },
            {
              "name": "RHSA-2015:2501",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
            },
            {
              "name": "RHSA-2015:2517",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
            },
            {
              "name": "78215",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/78215"
            },
            {
              "name": "1034097",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1034097"
            },
            {
              "name": "RHSA-2015:2671",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
            },
            {
              "name": "1037052",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037052"
            },
            {
              "name": "1037640",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037640"
            },
            {
              "name": "RHSA-2015:2522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
            },
            {
              "name": "RHSA-2015:2521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
            },
            {
              "name": "RHSA-2015:2516",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
            },
            {
              "name": "RHSA-2015:2500",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
            },
            {
              "name": "RHSA-2015:2514",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
            },
            {
              "name": "RHSA-2015:2502",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
            },
            {
              "name": "RHSA-2015:2536",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
            },
            {
              "name": "RHSA-2016:1773",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
            },
            {
              "name": "RHSA-2015:2524",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
            },
            {
              "name": "1037053",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037053"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
            },
            {
              "url": "https://access.redhat.com/solutions/2045023"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "url": "https://access.redhat.com/security/vulnerabilities/2059393"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7501",
        "datePublished": "2017-11-09T00:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6469 (GCVE-0-2013-6469)

    Vulnerability from nvd – Published: 2014-04-21 14:00 – Updated: 2024-08-06 17:39
    VLAI
    Summary
    JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=1051279 x_refsource_MISC
    http://secunia.com/advisories/57843 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-02-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:01.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051279"
              },
              {
                "name": "57843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57843"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-21T11:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051279"
            },
            {
              "name": "57843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57843"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6469",
        "datePublished": "2014-04-21T14:00:00.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:01.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-4104 (GCVE-0-2021-4104)

    Vulnerability from cvelistv5 – Published: 2021-12-14 00:00 – Updated: 2026-05-28 19:53
    VLAI
    Title
    Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2
    Summary
    JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Vendor Product Version
    Apache Software Foundation Apache Log4j 1.x Affected: Apache Log4j 1.2 1.2.x
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T17:16:04.172Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2021-4104"
              },
              {
                "name": "VU#930724",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/930724"
              },
              {
                "name": "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20211223-0007/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "name": "GLSA-202209-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202209-02"
              },
              {
                "name": "GLSA-202310-16",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202310-16"
              },
              {
                "name": "GLSA-202312-02",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202312-02"
              },
              {
                "name": "GLSA-202312-04",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202312-04"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "HIGH",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-4104",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2023-12-20T16:29:18.701121Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-28T19:53:14.378Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Log4j 1.x",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache Log4j 1.2 1.2.x"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-22T09:06:15.357Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "url": "https://www.cve.org/CVERecord?id=CVE-2021-44228"
            },
            {
              "url": "https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126"
            },
            {
              "url": "https://access.redhat.com/security/cve/CVE-2021-4104"
            },
            {
              "name": "VU#930724",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "name": "[oss-security] 20220118 CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2022/01/18/3"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0033"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20211223-0007/"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "GLSA-202209-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202209-02"
            },
            {
              "name": "GLSA-202310-16",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202310-16"
            },
            {
              "name": "GLSA-202312-02",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202312-02"
            },
            {
              "name": "GLSA-202312-04",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202312-04"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2021-4104",
        "datePublished": "2021-12-14T00:00:00.000Z",
        "dateReserved": "2021-12-13T00:00:00.000Z",
        "dateUpdated": "2026-05-28T19:53:14.378Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2015-7501 (GCVE-0-2015-7501)

    Vulnerability from cvelistv5 – Published: 2017-11-09 00:00 – Updated: 2024-08-06 07:51
    VLAI ENISA
    Summary
    Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://rhn.redhat.com/errata/RHSA-2016-0040.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2670.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2501.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2517.html vendor-advisory
    http://www.securityfocus.com/bid/78215 vdb-entry
    http://www.securitytracker.com/id/1034097 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2671.html vendor-advisory
    http://www.securitytracker.com/id/1037052 vdb-entry
    http://www.securitytracker.com/id/1037640 vdb-entry
    http://rhn.redhat.com/errata/RHSA-2015-2522.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2521.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2516.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2500.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2514.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2502.html vendor-advisory
    https://rhn.redhat.com/errata/RHSA-2015-2536.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2016-1773.html vendor-advisory
    http://rhn.redhat.com/errata/RHSA-2015-2524.html vendor-advisory
    http://www.securitytracker.com/id/1037053 vdb-entry
    https://bugzilla.redhat.com/show_bug.cgi?id=1279330
    https://access.redhat.com/solutions/2045023
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    http://www.oracle.com/technetwork/security-adviso…
    https://access.redhat.com/security/vulnerabilitie…
    http://www.oracle.com/technetwork/security-adviso…
    https://www.oracle.com/security-alerts/cpujul2020.html
    https://security.netapp.com/advisory/ntap-2024021…
    Date Public
    2015-11-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T07:51:28.224Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "RHSA-2016:0040",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
              },
              {
                "name": "RHSA-2015:2670",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
              },
              {
                "name": "RHSA-2015:2501",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
              },
              {
                "name": "RHSA-2015:2517",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
              },
              {
                "name": "78215",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/78215"
              },
              {
                "name": "1034097",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1034097"
              },
              {
                "name": "RHSA-2015:2671",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
              },
              {
                "name": "1037052",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037052"
              },
              {
                "name": "1037640",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037640"
              },
              {
                "name": "RHSA-2015:2522",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
              },
              {
                "name": "RHSA-2015:2521",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
              },
              {
                "name": "RHSA-2015:2516",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
              },
              {
                "name": "RHSA-2015:2500",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
              },
              {
                "name": "RHSA-2015:2514",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
              },
              {
                "name": "RHSA-2015:2502",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
              },
              {
                "name": "RHSA-2015:2536",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
              },
              {
                "name": "RHSA-2016:1773",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
              },
              {
                "name": "RHSA-2015:2524",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
              },
              {
                "name": "1037053",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1037053"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/solutions/2045023"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/vulnerabilities/2059393"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-11-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-02-16T13:06:08.221Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "RHSA-2016:0040",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-0040.html"
            },
            {
              "name": "RHSA-2015:2670",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2670.html"
            },
            {
              "name": "RHSA-2015:2501",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2501.html"
            },
            {
              "name": "RHSA-2015:2517",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2517.html"
            },
            {
              "name": "78215",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/78215"
            },
            {
              "name": "1034097",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1034097"
            },
            {
              "name": "RHSA-2015:2671",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2671.html"
            },
            {
              "name": "1037052",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037052"
            },
            {
              "name": "1037640",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037640"
            },
            {
              "name": "RHSA-2015:2522",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2522.html"
            },
            {
              "name": "RHSA-2015:2521",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2521.html"
            },
            {
              "name": "RHSA-2015:2516",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2516.html"
            },
            {
              "name": "RHSA-2015:2500",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2500.html"
            },
            {
              "name": "RHSA-2015:2514",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2514.html"
            },
            {
              "name": "RHSA-2015:2502",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2502.html"
            },
            {
              "name": "RHSA-2015:2536",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://rhn.redhat.com/errata/RHSA-2015-2536.html"
            },
            {
              "name": "RHSA-2016:1773",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-1773.html"
            },
            {
              "name": "RHSA-2015:2524",
              "tags": [
                "vendor-advisory"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-2524.html"
            },
            {
              "name": "1037053",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securitytracker.com/id/1037053"
            },
            {
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1279330"
            },
            {
              "url": "https://access.redhat.com/solutions/2045023"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "url": "https://access.redhat.com/security/vulnerabilities/2059393"
            },
            {
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240216-0010/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2015-7501",
        "datePublished": "2017-11-09T00:00:00.000Z",
        "dateReserved": "2015-09-29T00:00:00.000Z",
        "dateUpdated": "2024-08-06T07:51:28.224Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2013-6469 (GCVE-0-2013-6469)

    Vulnerability from cvelistv5 – Published: 2014-04-21 14:00 – Updated: 2024-08-06 17:39
    VLAI
    Summary
    JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://bugzilla.redhat.com/show_bug.cgi?id=1051279 x_refsource_MISC
    http://secunia.com/advisories/57843 third-party-advisoryx_refsource_SECUNIA
    Date Public
    2014-02-09 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T17:39:01.319Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051279"
              },
              {
                "name": "57843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/57843"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-02-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-04-21T11:57:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1051279"
            },
            {
              "name": "57843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/57843"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2013-6469",
        "datePublished": "2014-04-21T14:00:00.000Z",
        "dateReserved": "2013-11-04T00:00:00.000Z",
        "dateUpdated": "2024-08-06T17:39:01.319Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }