Known Vulnerabilities for Karaf by Apache
Listed below are 10 of the newest known vulnerabilities associated with "Karaf" by "Apache".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-22932 | Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of e... | 5.3 - MEDIUM | 2022-01-26 | 2022-02-03 |
| CVE-2021-41766 | Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a J... | 8.1 - HIGH | 2022-01-26 | 2022-02-03 |
| CVE-2021-21290 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p... | 5.5 - MEDIUM | 2021-02-08 | 2023-11-07 |
| CVE-2020-28052 | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method ... | 8.1 - HIGH | 2020-12-18 | 2023-11-07 |
| CVE-2020-11980 | In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin... | 6.3 - MEDIUM | 2020-06-12 | 2021-01-07 |
| CVE-2019-0226 | Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory an... | 4.9 - MEDIUM | 2019-05-09 | 2023-11-07 |
| CVE-2019-0191 | Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the z... | 6.5 - MEDIUM | 2019-03-21 | 2023-11-07 |
| CVE-2018-11788 | Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in... | 9.8 - CRITICAL | 2019-01-07 | 2019-02-12 |
| CVE-2018-11787 | In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .... | 8.1 - HIGH | 2018-09-18 | 2023-11-07 |
| CVE-2018-11786 | In Apache Karaf prior to 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running in... | 8.8 - HIGH | 2018-09-18 | 2023-11-07 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Karaf | 4.3.0 | All | All | All |
| Application | Apache | Karaf | 4.2.9 | All | All | All |
| Application | Apache | Karaf | 4.2.5 | All | All | All |
| Application | Apache | Karaf | 4.2.4 | All | All | All |
| Application | Apache | Karaf | 4.2.3 | All | All | All |
| Application | Apache | Karaf | 4.2.2 | All | All | All |
| Application | Apache | Karaf | 4.2.11 | All | All | All |
| Application | Apache | Karaf | 4.2.10 | All | All | All |
| Application | Apache | Karaf | 4.2.1 | All | All | All |
| Application | Apache | Karaf | 4.2.0 | milestone2 | All | All |
| Application | Apache | Karaf | 4.2.0 | milestone1 | All | All |
| Application | Apache | Karaf | 4.2.0 | All | All | All |
| Application | Apache | Karaf | 4.1.7 | All | All | All |
| Application | Apache | Karaf | 4.1.6 | All | All | All |
| Application | Apache | Karaf | 4.1.5 | All | All | All |
| Application | Apache | Karaf | 4.1.4 | All | All | All |
| Application | Apache | Karaf | 4.1.3 | All | All | All |
| Application | Apache | Karaf | 4.1.2 | All | All | All |
| Application | Apache | Karaf | 4.1.1 | All | All | All |
| Application | Apache | Karaf | 4.1.0 | All | All | All |