Описание
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=20105597: Incomplete fix of CVE-2016-4978 in HornetQ library
EPSS
Процентиль: 84%
0.02131
Низкий
6.6 Medium
CVSS3
Связанные уязвимости
CVSS3: 7.2
nvd
около 4 лет назад
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
github
около 4 лет назад
The HornetQ component of Artemis in EAP 7 was not updated with the fix for CVE-2016-4978. A remote attacker could use this flaw to execute arbitrary code with the permissions of the application using a JMS ObjectMessage.
EPSS
Процентиль: 84%
0.02131
Низкий
6.6 Medium
CVSS3