Fuse Esb Enterprise CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (26 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2013-4271	2 Redhat, Restlet	6 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 3 more	2025-04-11	N/A
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources, which allows remote attackers to execute arbitrary Java code via a serialized object, a different vulnerability than CVE-2013-4221.
CVE-2013-1768	2 Apache, Redhat	5 Openjpa, Fuse Esb Enterprise, Fuse Management Console and 2 more	2025-04-11	N/A
The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and 2.x before 2.2.2 creates local executable JSP files containing logging trace data produced during deserialization of certain crafted OpenJPA objects, which makes it easier for remote attackers to execute arbitrary code by creating a serialized object and leveraging improperly secured server programs.
CVE-2013-4372	1 Redhat	6 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 3 more	2025-04-11	N/A
Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management Console in Red Hat JBoss Fuse 6.0.0 before patch 3 and JBoss A-MQ 6.0.0 before patch 3 allow remote attackers to inject arbitrary web script or HTML via the (1) user field in the create user page or (2) profile version to the create profile page.
CVE-2013-0239	2 Apache, Redhat	4 Cxf, Fuse Esb Enterprise, Jboss Enterprise Application Platform and 1 more	2025-04-11	N/A
Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, when the plaintext UsernameToken WS-SecurityPolicy is enabled, allows remote attackers to bypass authentication via a security header of a SOAP request containing a UsernameToken element that lacks a password child element.
CVE-2013-4330	2 Apache, Redhat	10 Camel, Fuse Esb Enterprise, Fuse Management Console and 7 more	2025-04-11	N/A
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
CVE-2013-4221	2 Redhat, Restlet	6 Fuse Esb Enterprise, Fuse Management Console, Fuse Mq Enterprise and 3 more	2025-04-11	N/A
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.

« first previous Page 2 of 2.