Red Hat JBoss Data Virtualization vulnerabilities

5 known vulnerabilities affecting redhat/jboss_data_virtualization.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2021-4104 | HIGH | CVSS 7.5 | v6.0.0 | 2021-12-14
CVE-2021-4104 [HIGH] CWE-502: JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228.
nvd
CVE-2020-14340 | MEDIUM | CVSS 5.9 | v6.0.0 | 2021-06-02
CVE-2020-14340 [MEDIUM] CWE-400: A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
nvd
CVE-2015-7501 | CRITICAL | CVSS 9.8 | v5.0.0, v6.0.0 | 2017-11-09
CVE-2015-7501 [CRITICAL] CWE-502: Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Ha
nvd
CVE-2014-0171 | MEDIUM | CVSS 5.0 | ≤ 6.0.0 | 2015-01-15
CVE-2014-0171 [MEDIUM]: XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint.
nvd
CVE-2014-0170 | MEDIUM | CVSS 4.3 | ≤ 6.0.0 | 2014-09-30
CVE-2014-0170 [MEDIUM]: Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue.
nvd