CVE-2022-0853 A flaw was found in JBoss-client


The issue allows a remote attacker to execute arbitrary code on the target system in the context of the current user. It can be exploited through a maliciously crafted .jmx file during the authentication process.

The new version 3.2.1 of JBoss-client has been released to fix the issue. Users are advised to update the software as soon as possible.

Another high-severity bug was discovered in Apache Struts. The issue is a cross-site request forgery (CSRF) vulnerability, which can be exploited by a remote attacker to perform malicious actions on behalf of a victim.

Apache Struts is an open source framework for building web applications and is used by many large companies and organizations. The new version 3.2.1 of Apache Struts has been released to address the issue. Users are advised to update the software as soon as possible.

Important Bug Updates

Many high-severity vulnerabilities were discovered in software. Companies are continually releasing updates to fix these issues.

About Apache Struts

The Struts framework is a free and open source Java web application framework, which allows developers to create completely customizable and maintainable web applications. It has a modular architecture for building dynamic web applications.
Apache Struts is used by organizations such as NASA, UBS, JPMorgan Chase, Toyota, and the U.S. Department of Defense.
