CVSS: 10.0EPSS: 72%CPEs: 19EXPL: 1CVE-2015-7501 – apache-commons-collections: InvokerTransformer code execution during deserialisation
https://notcve.org/view.php?id=CVE-2015-7501
20 Nov 2015 — Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterprise Application Platform 6.x, 5.x, and 4.3.x; Fuse 6.x; Fuse Service Works (FSW) 6.x; Operations Network (JBoss ON) 3.x; Portal 6.x; SOA Platform (SOA-P) 5.x; Web Server (JWS) 3.x; Red Hat OpenShift/xPAAS 3.x; and Red Hat Subscription Asset Manager 1.3 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collect... • https://github.com/ianxtianxt/CVE-2015-7501 • CWE-284: Improper Access Control CWE-502: Deserialization of Untrusted Data •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2014-0171 – Odata4j: XML eXternal Entity (XXE) flaw
https://notcve.org/view.php?id=CVE-2014-0171
12 Jan 2015 — XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in Odata4j, as used in Red Hat JBoss Data Virtualization before 6.0.0 patch 4, allows remote attackers to read arbitrary files via a crafted request to a REST endpoint. Vulnerabilidad de entidad externa XML (XXE) en StaxXMLFactoryProvider2 en Odata4j, usado en Red Hat JBoss Data Virtualization anterior a 6.0.0 parche 4, permite a atacantes remotos leer archivos arbitrarios a través de peticiones modificadas a un endpoint REST. It was found t... • http://rhn.redhat.com/errata/RHSA-2015-0034.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-0170 – Teiid: XML eXternal Entity (XXE) flaw in SQL/XML parsing
https://notcve.org/view.php?id=CVE-2014-0170
24 Sep 2014 — Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. Teiid anterior a 8.4.3 y anterior a 8.7 y Red Hat JBoss Data Virtualization 6.0.0 anterior a patch 3 permiten a atacantes remotos leer ficheros arbitrarios a través de una solicitud manipulada en un endpoint REST, relacionado con un problema de entidad externa XML (XXE). It was fou... • http://rhn.redhat.com/errata/RHSA-2014-1284.html • CWE-611: Improper Restriction of XML External Entity Reference •