FAIL › dossier
FedRAMP provider ·
Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.
| Date | Event | Sev | Flags | Shame | Summary |
|---|---|---|---|---|---|
| 2021-12-10 | CVE-2017-12149 | critical | ⚡RCE ⌖KEV | 95 | The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data. |
| 2022-05-25 | CVE-2010-1428 | critical | ⌖KEV | 80 | Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information. |
| 2022-05-25 | CVE-2010-0738 | critical | ⌖KEV | 80 | The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. |
| 2023-09-28 | CVE-2018-14667 | high | ⚡RCE ⌖KEV | 65 | Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resourc |
| 2021-12-10 | CVE-2010-1871 | high | ⚡RCE ⌖KEV | 65 | JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured. |
| 2023-05-12 | CVE-2021-3560 | high | ⌖KEV | 50 | Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation. |
| 2022-06-27 | CVE-2021-4034 | high | ⌖KEV | 50 | The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights. |
| Product | Status | Impact |
|---|---|---|
| Red Hat OpenShift Service on AWS (ROSA) | In Process | High |