
CVE-2018-10899 – jolokia: system-wide CSRF that could lead to Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-10899
01 Aug 2019 — A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origin and referrer headers. This could result in a Remote Code Execution attack. • https://access.redhat.com/errata/RHSA-2019:2413 • CWE-20: Improper Input Validation • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2018-1000129 – jolokia: Cross site scripting in the HTTP servlet
https://notcve.org/view.php?id=CVE-2018-1000129
14 Mar 2018 — An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the HTTP servlet that allows an attacker to execute malicious JavaScript in the victim's browser. Red Hat Fuse provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat A-MQ is a standards comp... • https://access.redhat.com/errata/RHSA-2018:2669 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')