CVE-2014-3518

Red Hat JBoss Enterprise Application Platform 5.2.0 - Remote Code Execution via JMX Remoting

Title source: llm

Description

jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to execute arbitrary code via unspecified vectors.

References (1)

Core References (1)
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2014-0887.html

Scores

EPSS: 0.0261
EPSS Percentile: 83.5%

Details

CWE: CWE-94
Status: published
Products (4)
redhat/jboss_enterprise_application_platform 5.2.0
redhat/jboss_enterprise_brms_platform 5.3.1
redhat/jboss_enterprise_portal_platform 5.2.2
redhat/jboss_enterprise_soa_platform 5.3.1
Published: Jul 22, 2014
Tracked Since: Feb 18, 2026