Apache Karaf Vulnérabilités

Chronologie

Version

4.3.04
4.3.14
4.3.24
4.3.34
4.3.44

Contre-mesures

Official Fix8
Temporary Fix0
Workaround0
Unavailable0
Not Defined2

Exploitabilité

High0
Functional0
Proof-of-Concept0
Unproven0
Not Defined10

Vecteur d'accès

Not Defined0
Physical0
Local0
Adjacent4
Network6

Authentification

Not Defined0
High0
Low8
None2

Interaction de l'utilisateur

Not Defined0
Required0
None10

C3BM Index

CVSSv3 Base

≤10
≤20
≤30
≤40
≤50
≤64
≤72
≤84
≤90
≤100

CVSSv3 Temp

≤10
≤20
≤30
≤40
≤50
≤64
≤72
≤84
≤90
≤100

VulDB

≤10
≤20
≤30
≤40
≤50
≤64
≤76
≤80
≤90
≤100

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤72
≤80
≤92
≤102

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Fournisseur

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Exploiter 0 jour

<1k0
<2k0
<5k0
<10k6
<25k4
<50k0
<100k0
≥100k0

Exploiter aujourd'hui

<1k6
<2k0
<5k2
<10k2
<25k0
<50k0
<100k0
≥100k0

Exploiter le volume du marché

🔴 CTI Activités

Affected Versions (50): 3, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 4, 4.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.1, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.11, 4.2.12, 4.2.13, 4.2.14, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.4, 4.4.1

Link to Product Website: https://www.apache.org/

PubliéBaseTempVulnérabilité0dayAujourd'huiExpConCTICVE
21/12/20228.07.9Apache Karaf JDBC JNDI URL doCreateDatasource elévation de privilèges$5k-$25k$0-$5kNot DefinedOfficial Fix0.07CVE-2022-40145
26/01/20226.36.3Apache Karaf JMX elévation de privilèges$5k-$25k$5k-$25kNot DefinedNot Defined0.00CVE-2021-41766
26/01/20225.55.3Apache Karaf obr Command directory traversal$5k-$25k$0-$5kNot DefinedOfficial Fix0.03CVE-2022-22932
12/06/20207.57.2Apache Karaf JMX Authentication jmx.acl.cfg getMBeansFromURL elévation de privilèges$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2020-11980
09/05/20194.84.6Apache Karaf Config Service directory traversal$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2019-0226
21/03/20195.95.8Apache Karaf kar Deployer directory traversal$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2019-0191
07/01/20198.58.2Apache Karaf Features Deployer XMLInputFactory XML External Entity$5k-$25k$0-$5kNot DefinedOfficial Fix0.02CVE-2018-11788
18/09/20187.77.3Apache Karaf WebConsole authentification faible$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2018-11787
18/09/20187.57.2Apache Karaf sshd elévation de privilèges$5k-$25k$0-$5kNot DefinedOfficial Fix0.00CVE-2018-11786
19/02/20185.45.3Apache Karaf LDAPLoginModule LDAP injection elévation de privilèges$5k-$25k$0-$5kNot DefinedOfficial Fix0.04CVE-2016-8750

plus d'entrées par Apache

PrécédentAperçuSuivant

Interested in the pricing of exploits?

See the underground prices here!