COOEY // HUBcompliance · community · intelligence

FAIL › dossier

Red Hat company FedRAMP market

FedRAMP provider ·

7
failure events
0
zero-days
3
RCEs
7
on KEV
3
critical
95
worst shame

Dossier not yet built — the RAG curator builds one for players with ≥2 failure events (factory/dossier.py). The failure history and sentiment below are live.

Failure history 7 events

DateEventSevFlagsShameSummary
2021-12-10 CVE-2017-12149 critical ⚡RCE ⌖KEV 95 The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.
2022-05-25 CVE-2010-1428 critical ⌖KEV 80 Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.
2022-05-25 CVE-2010-0738 critical ⌖KEV 80 The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
2023-09-28 CVE-2018-14667 high ⚡RCE ⌖KEV 65 Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resourc
2021-12-10 CVE-2010-1871 high ⚡RCE ⌖KEV 65 JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.
2023-05-12 CVE-2021-3560 high ⌖KEV 50 Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
2022-06-27 CVE-2021-4034 high ⌖KEV 50 The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.

FedRAMP catalog products 1

ProductStatusImpact
Red Hat OpenShift Service on AWS (ROSA) In Process High