This page lists publicly disclosed CVE vulnerabilities affecting redhat jboss_brms (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-14340 | A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. | [email protected] | 5.9 | 2.20% | 2021-06-02 | 2026-06-16 |
| CVE-2012-5626 | EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in Red Hat JBoss Enterprise Web Server 1 ignores roles specified using the @RunAs annotation. | [email protected] | 7.5 | 0.91% | 2020-01-23 | 2026-06-16 |
| CVE-2018-12023 | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | [email protected] | 7.5 | 8.87% | 2019-03-21 | 2026-06-16 |
| CVE-2018-12022 | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | [email protected] | 7.5 | 7.29% | 2019-03-21 | 2026-06-16 |
| CVE-2018-19362 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization. | [email protected] | 9.8 | 10.60% | 2019-01-02 | 2026-06-16 |
| CVE-2018-19361 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization. | [email protected] | 9.8 | 10.60% | 2019-01-02 | 2026-06-16 |
| CVE-2018-19360 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization. | [email protected] | 9.8 | 10.60% | 2019-01-02 | 2026-06-16 |
| CVE-2016-7041 | Drools Workbench contains a path traversal vulnerability. The vulnerability allows a remote, authenticated attacker to bypass the directory restrictions and retrieve arbitrary files from the affected host. | [email protected] | 6.5 | 3.96% | 2018-09-10 | 2026-06-16 |