Type Application Server Software

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritization of issues becomes possible.

Vendor »

Identifying all affected vendors is a good starting point for an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Product »

Grouping vulnerabilities by product helps to get an overview. This makes it possible to determine a homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation »

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. Multiple forms and levels of remediation can be distinguished, and each influences risk differently.

Exploitability »

Researchers and attackers looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine the simplicity and strength of attacks.

Access Vector »

When approaching a vulnerability, it is important to know the expected access vector. This is typically network, local, or even physical.

Authentication »

To exploit a vulnerability, a certain level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction »

Some attack scenarios require user interaction by a victim. This is typical for phishing, social engineering and cross-site scripting attacks.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to arrive at the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temporal scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes report confidence, exploitability and remediation level. We also provide our unique meta score for temporal scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day »

The moderation team works with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day price of an exploit, before it is distributed or becomes public. Calculated prices are aligned with prices disclosed by vulnerability brokers and compared to prices we see on exploit markets.

Exploit Today »

The 0-day prices do not consider time-relevant factors. The today price reflects price impacts such as disclosure of vulnerability details, alternative exploits, and availability of countermeasures. These dynamic aspects might decrease exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume »

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day exploits are accumulated for this task. Comparing the volume to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CTI Activities »

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors in order to anticipate their activities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailing lists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified as offensive or defensive. They are also weighted, as some actors are well known for certain products and technologies, and some of their disclosures might contain more or less detail about technical aspects and personal context. The world map highlights active actors in real time.

Affected Products (232): Apache ActiveMQ, Apache ActiveMQ Artemis, Apache ActiveMQ Client, Apache CXF, Apache CXF Fediz, Apache Tomcat, Apache Tomcat Connectors, Apache Tomcat JK ISAPI Connector, Apache Tomcat JK Web Server Connector, Apache Tomcat Native, Apache Tomcat Native Connector, Apache Tomcat Security Manager, Apache Tomcat Servlet Engine, Avaya Aura Application Server 5300, Avaya IP Office Application Server, BEA BEA WebLogic Portal, BEA Weblogic, BEA WebLogic, BEA Weblogic Integration, BEA WebLogic Mobility Server, BEA WebLogic Portal, bea WebLogic Server, BEA WebLogic Server, BEA Weblogic Workshop, BEA WebLogic Workshop, BEA Systems WebLogic, BEA Systems WebLogic Server, Bradford CampusManager Network Control Application Server, Deploy WebLogic Plugin, Digital Creations Zope, Fujitsu Interstage Application Server, Fujitsu Interstage Application Server Plus, Fujitsu Interstage Application Server Standard J, GlassFish Enterprise Server, GNU WildFly, Hitachi Cosminexus Application Server, Hitachi Ucosminexus Application Server Standard, HP Application Server, IBM App Connect, IBM Content Template Catalog, IBM Integration Bus, IBM Liberty, IBM Repository, IBM WebSphere, IBM WebSphere Application Liberty, ibm WebSphere Application Server, IBM WebSphere Application Server, IBM WebSphere Application Server Liberty, IBM WebSphere Application Server ND, IBM WebSphere Business Events, IBM WebSphere Business Modeler, IBM Websphere Caching Proxy Server, IBM WebSphere Cast Iron, IBM WebSphere Cast Iron Cloud Integration, IBM WebSphere Commerce, IBM WebSphere Commerce Enterprise, IBM Websphere Commerce Suite, IBM WebSphere Commerce Suite, IBM WebSphere Dashboard Framework, IBM WebSphere DataPower, IBM WebSphere DataPower Appliance, IBM Websphere Datapower Datapower Integration Appliance Xi50, IBM Websphere Datapower Soa Appliance, IBM WebSphere DataPower XC10, IBM Websphere Datapower Xc10 Appliance, IBM WebSphere DataPower XC10 appliance, IBM WebSphere DataPower XML Security Gateway XS40, IBM WebSphere Edge Server, IBM WebSphere eXtreme Scale, IBM WebSphere eXtreme Scale Client, IBM WebSphere Host On-Demand, IBM WebSphere ILOG JRules, IBM WebSphere ILOG Rule Team Server, IBM WebSphere Message, IBM WebSphere Message Broker, IBM WebSphere Message Broker SOAP FLOWS, IBM WebSphere Message Broker Toolkit, IBM WebSphere MQ, IBM WebSphere MQIPT, IBM Websphere MQ Explorer, IBM WebSphere MQ Internet Pass-Thru, IBM Websphere Mq Internet Pass Thru, IBM WebSphere MQ Light, IBM WebSphere Partner Gateway, IBM WebSphere Plugin, IBM WebSphere Portal, IBM WebSphere Process Server, IBM WebSphere Real Time, IBM WebSphere Service Registry, IBM WebSphere Transformation Extender, IBM WebSphere Virtual Enterprise, Invensys Wonderware Application Server, JBoss, JBOSS, jboss-remoting, JBoss AeroGear, JBoss BRMS, JBoss Enterprise Application Platform, JBoss Expressions, JBoss IronJacamar, JBoss jbossas, JBoss JBoss Application Server, JBoss JBoss Enterprise, JBoss jBPM, JBoss KeyCloak, JBoss Management Console, JBoss RichFaces, jboss seam, JBoss Web Console, JBossWeb Bayeux, JBoss AS 7 Community Release, JBoss KeyCloak, JBoss Operations Network, Jenkins Deploy WebLogic Plugin, Jens Vagelpohl zope-ldapuserfolder, Macromedia Application Server, Metasys Data Server, Metasys Extended Application, Metasys LonWorks Control Server, Metasys Network Automation Engine, Metasys Network Integration Engine, Metasys Open Application Server, Metasys Open Data Server, Metasys Smoke Control Network Automation Engine, Metasys System Configuration Tool, Mozilla Durian Web Application Server, MultiXTpm Application Server, Netweblogic Events Manager, Netweblogic Login With Ajax, Oracle 9i Application Server, Oracle Application Server, Oracle Application Server 9i, Oracle Application Server 10g, Oracle Application Server Discussion Forum Portlet, Oracle Application Server Portal, Oracle Application Server Web Cache, Oracle Bea Product Suite, Oracle BEA Product Suite, Oracle BEA WebLogic, Oracle BEA WebLogic Portal, Oracle Converged Application Server, Oracle Converged Application Server - Service Controller, Oracle Database Server, Oracle GlassFish Communications Server, Oracle GlassFish Enterprise Server, Oracle GlassFish Open Source Edition, Oracle GlassFish Server, Oracle GlassFish Server Open Source Edition, Oracle Glassfish Web Space Server10.0, Oracle Internet Application Server, Oracle Java System Application Server, Oracle Oracle9i Application Server, Oracle Oracle Application Server, Oracle Retail Predictive Application Server, Oracle WebLogic, Oracle WebLogic Portal, Oracle WebLogic Server, Oracle Weblogic Server Component, Oracle WebLogic Workshop, Orion Application Server, Orion%02 Application Server, Parallels Remote Application Server, Plone, Red Hat Application Platforms, Red Hat JBoss, Red Hat Jboss, Red Hat JBossWeb, Red Hat JBoss A-MQ, Red Hat JBoss Application Server, Red Hat JBoss BPMS, Red Hat JBoss BPM Suite, Red Hat JBoss BRMS, Red Hat JBoss Core Services httpd, Red Hat JBoss Data Grid, Red Hat JBoss EAP, Red Hat JBoss Enterprise, Red Hat JBoss Enterprise Application Platform, Red Hat JBoss Enterprise BRMS Platform, Red Hat JBoss Enterprise Portal Platform, Red Hat JBoss Enterprise SOA Platform, Red Hat Jboss Enterprise Soa Platform, Red Hat Jboss Enterprise Web, Red Hat JBoss Fuse, Red Hat Jboss Fuse Esb Enterprise, Red Hat JBoss Operations Network, Red Hat JBoss Portal, Red Hat JBoss Remoting, Red Hat JBoss Web Framework Kit, Red Hat JBoss WildFly Application Server, Red Hat WildFly, Red Hat Wildfly Elytron, SAP ABAP Application Server, SAP Application Server ABAP, SAP ENGINEAPI, SAP Internet Graphics Server, SAP Netweaver ABAP Application Server, SAP NetWeaver Application Server, SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server for ABAP, SAP NetWeaver Application Server for Java, SAP NetWeaver Application Server Java, SAP NetWeaver Application Server Java Web Container, SAP NetWeaver for Java Application Server, SAP Netweaver Java Application Server, SAP SAP-JEECOR, SAP SAP Web Application Server, SAP Web Application Server, SAP Web Dynpro for ABAP, SAP Web Dynpro for BSP, Seagull J Walk Application Server, Siemens SPPA-T3000 Application Server, Sun Application Server, Sun Java System Application Server, Sun Java System Web, Sun ONE Application Server, Sun One Application Server, Tmax Soft JEUS Web Application Server, Weblogicnet, WebLogic Server, WildFly, Wildfly, wildfly-core, WildFly OpenSSL, Wildfly Security Manager, WildFly Deployer Plugin, Wildfly Elytron, WiTango Application Server, Xerces JBoss, Zope, Zope Web Application Server, Zope ZODB, Zulip Chat Application Server

Published | CVSSv3 Base | CVSSv3 Temp | Vulnerability | Product | Exploitability | Remediation | CTI | CVE
---|---|---|---|---|---|---|---|---
02/18/2021 | 3.7 | 3.7 | IBM WebSphere Application Server path traversal | WebSphere Application Server | Not Defined | Not Defined | 0.42 | CVE-2021-20354
02/11/2021 | 6.3 | 6.3 | IBM WebSphere Application Server xml external entity reference | WebSphere Application Server | Not Defined | Not Defined | 0.06 | CVE-2021-20353
02/09/2021 | 3.5 | 3.5 | Apache ActiveMQ Administration Console message.jsp cross site scripting | ActiveMQ | Not Defined | Not Defined | 0.06 | CVE-2020-13947
01/28/2021 | 6.5 | 6.5 | Apache ActiveMQ Artemis OpenWire Protocol access control | ActiveMQ Artemis | Not Defined | Not Defined | 0.06 | CVE-2021-26118
01/28/2021 | 6.9 | 6.6 | Apache ActiveMQ/ActiveMQ Artemis LDAP Login Module improper authentication | ActiveMQ/ActiveMQ Artemis | Not Defined | Official Fix | 0.06 | CVE-2021-26117
01/27/2021 | 7.7 | 7.7 | IBM WebSphere Application Server XML Data xml external entity reference | WebSphere Application Server | Not Defined | Not Defined | 0.12 | CVE-2020-4949
01/20/2021 | 2.4 | 2.3 | Oracle WebLogic Server Web Services information disclosure | WebLogic Server | Not Defined | Official Fix | 0.63 | CVE-2021-1996
01/20/2021 | 4.3 | 4.1 | Oracle WebLogic Server Core Components denial of service | WebLogic Server | Not Defined | Official Fix | 0.07 | CVE-2021-2033
01/20/2021 | 5.9 | 5.7 | Oracle WebLogic Server Centralized Thirdparty Jars denial of service | WebLogic Server | Not Defined | Official Fix | 0.06 | CVE-2018-10237
01/20/2021 | 6.1 | 5.8 | Oracle WebLogic Server Sample apps cross site scripting | WebLogic Server | Not Defined | Official Fix | 0.00 | CVE-2020-11022
01/20/2021 | 6.5 | 6.2 | Oracle WebLogic Server Web Services unknown vulnerability | WebLogic Server | Not Defined | Official Fix | 0.06 | CVE-2021-1995
01/20/2021 | 6.5 | 6.2 | Oracle WebLogic Server Sample apps unknown vulnerability | WebLogic Server | Not Defined | Official Fix | 0.27 | CVE-2020-5421
01/20/2021 | 7.2 | 6.9 | Oracle WebLogic Server Console Remote Privilege Escalation | WebLogic Server | Not Defined | Official Fix | 0.14 | CVE-2021-2109
01/20/2021 | 7.3 | 7.0 | Oracle WebLogic Server Console deserialization | WebLogic Server | Not Defined | Official Fix | 0.42 | CVE-2019-10086
01/20/2021 | 9.8 | 9.4 | Oracle WebLogic Server Samples Remote Code Execution | WebLogic Server | Not Defined | Official Fix | 0.16 | CVE-2021-2075
01/20/2021 | 9.8 | 9.4 | Oracle WebLogic Server Core Components Remote Code Execution | WebLogic Server | Not Defined | Official Fix | 0.13 | CVE-2021-2108
01/20/2021 | 9.8 | 9.4 | Oracle WebLogic Server Core Components Remote Code Execution | WebLogic Server | Not Defined | Official Fix | 0.05 | CVE-2021-2064
01/20/2021 | 9.8 | 9.4 | Oracle WebLogic Server Core Components Remote Code Execution | WebLogic Server | Not Defined | Official Fix | 0.34 | CVE-2021-2047
01/20/2021 | 9.8 | 9.4 | Oracle WebLogic Server Web Services Remote Code Execution | WebLogic Server | Not Defined | Official Fix | 0.24 | CVE-2021-1994
01/20/2021 | 9.8 | 9.4 | Oracle WebLogic Server Core Components unusual condition | WebLogic Server | Not Defined | Official Fix | 0.00 | CVE-2019-17195
01/14/2021 | 5.1 | 5.1 | Apache Tomcat NTFS File System File.getCanonicalPath information disclosure | Tomcat | Not Defined | Not Defined | 0.06 | CVE-2021-24122
01/08/2021 | 5.0 | 5.0 | Red Hat JBoss Core Services httpd SSL Certificate certificate validation | JBoss Core Services httpd | Not Defined | Official Fix | 0.05 | CVE-2020-25680
01/07/2021 | 3.7 | 3.7 | IBM WebSphere eXtreme Scale URL Parameter information disclosure | WebSphere eXtreme Scale | Not Defined | Not Defined | 0.05 | CVE-2020-4336
12/26/2020 | 4.3 | 4.3 | Parallels Remote Application Server Login Form socket.io information disclosure | Remote Application Server | Not Defined | Not Defined | 0.06 | CVE-2020-35710
12/17/2020 | 6.3 | 6.3 | Oracle Application Server Websocket access control | Application Server | Not Defined | Not Defined | 0.05 | CVE-2020-25096
12/08/2020 | 5.9 | 5.9 | Wildfly OpenTracing API memory leak | Wildfly | Not Defined | Not Defined | 0.00 | CVE-2020-27822
12/04/2020 | 5.6 | 5.6 | Apache Tomcat Request Header information disclosure | Tomcat | Not Defined | Not Defined | 0.15 | CVE-2020-17527
11/25/2020 | 5.4 | 5.2 | Wildfly Resource Adapter log file | Wildfly | Not Defined | Official Fix | 0.03 | CVE-2020-25640
11/12/2020 | 4.8 | 4.6 | Apache CXF services cross site scripting | CXF | Not Defined | Official Fix | 0.05 | CVE-2020-13954
11/03/2020 | 5.4 | 5.4 | WildFly Connection resource consumption | WildFly | Not Defined | Not Defined | 0.00 | CVE-2020-25689
11/03/2020 | 9.8 | 9.4 | Oracle WebLogic Server Remote Code Execution | WebLogic Server | Proof-of-Concept | Official Fix | 0.06 | CVE-2020-14750
10/28/2020 | 6.4 | 6.4 | IBM WebSphere Application Server path traversal | WebSphere Application Server | Not Defined | Not Defined | 0.00 | CVE-2020-4782
10/20/2020 | 3.7 | 3.6 | Oracle Retail Predictive Application Server RPAS Fusion Client information disclosure | Retail Predictive Application Server | Not Defined | Official Fix | 1.62 | CVE-2020-9488
10/20/2020 | 6.5 | 6.2 | Oracle Retail Predictive Application Server RPAS Server information disclosure | Retail Predictive Application Server | Not Defined | Official Fix | 1.69 | CVE-2019-3740
10/20/2020 | 3.7 | 3.6 | Oracle WebLogic Server information disclosure | WebLogic Server | Not Defined | Official Fix | 0.05 | CVE-2020-9488
10/20/2020 | 6.1 | 5.8 | Oracle WebLogic Server Console cross site scripting | WebLogic Server | Not Defined | Official Fix | 0.06 | CVE-2020-11022
10/20/2020 | 6.8 | 6.5 | Oracle WebLogic Server Web Services unknown vulnerability | WebLogic Server | Not Defined | Official Fix | 0.07 | CVE-2020-14757
10/20/2020 | 7.2 | 6.9 | Oracle WebLogic Server Console Remote Privilege Escalation | WebLogic Server | Not Defined | Official Fix | 0.05 | CVE-2020-14883
10/20/2020 | 7.5 | 7.2 | Oracle WebLogic Server information disclosure | WebLogic Server | Not Defined | Official Fix | 0.00 | CVE-2020-14820
10/20/2020 | 9.8 | 9.4 | Oracle WebLogic Server Remote Code Execution | WebLogic Server | Not Defined | Official Fix | 0.06 | CVE-2020-14859
10/20/2020 | 9.8 | 9.4 | Oracle WebLogic Server Remote Code Execution | WebLogic Server | Not Defined | Official Fix | 0.08 | CVE-2020-14825
10/20/2020 | 9.8 | 9.4 | Oracle WebLogic Server Remote Code Execution | WebLogic Server | Not Defined | Official Fix | 0.05 | CVE-2020-14841
10/20/2020 | 9.8 | 9.4 | Oracle WebLogic Server Console Remote Code Execution | WebLogic Server | Not Defined | Official Fix | 0.00 | CVE-2020-14882
10/20/2020 | 9.8 | 9.4 | Oracle WebLogic Server Centralized Thirdparty Jars deserialization | WebLogic Server | Not Defined | Official Fix | 0.06 | CVE-2019-17267
10/16/2020 | 6.0 | 6.0 | Red Hat JBoss EAP Legacy SecurityRealm improper authentication | JBoss EAP | Not Defined | Not Defined | 0.00 | CVE-2020-14299
10/15/2020 | 4.3 | 4.3 | SAP NetWeaver Application Server ABAP information disclosure | NetWeaver Application Server ABAP | Not Defined | Not Defined | 0.00 | CVE-2020-6371
10/15/2020 | 5.2 | 5.2 | SAP NetWeaver Application Server Java cross site scripting | NetWeaver Application Server Java | Not Defined | Not Defined | 0.05 | CVE-2020-6319
10/12/2020 | 4.3 | 4.3 | Apache Tomcat HTTP2 Client information disclosure | Tomcat | Not Defined | Not Defined | 0.00 | CVE-2020-13943
10/06/2020 | 5.5 | 5.3 | WildFly OpenSSL HTTP Session memory leak | OpenSSL | Not Defined | Official Fix | 0.04 | CVE-2020-25644
10/01/2020 | 5.3 | 5.3 | IBM WebSphere Application Server information disclosure | WebSphere Application Server | Not Defined | Not Defined | 0.07 | CVE-2020-4576