Описание
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
Ссылки
- Issue TrackingVendor Advisory
- Issue TrackingVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3.9:general_availability:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4.0:general_availability:*:*:*:*:*:*
EPSS
Процентиль: 84%
0.02131
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-502
Связанные уязвимости
CVSS3: 6.6
redhat
больше 4 лет назад
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
github
около 4 лет назад
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
EPSS
Процентиль: 84%
0.02131
Низкий
7.2 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-502