cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-37895,https://securityvulnerability.io/vulnerability/CVE-2023-37895,Apache Jackrabbit RMI access can lead to RCE,"A Java object deserialization flaw exists in the Jackrabbit webapp/standalone, enabling attackers to remotely execute code via RMI using the vulnerable 'commons-beanutils' component. This threat affects versions up to 2.20.10 (stable) and 2.21.17 (unstable). Users are strongly advised to update to safer releases: 2.20.11 or 2.21.18. Additionally, deploying other components alongside Jackrabbit may expose servers to similar vulnerabilities. For enhanced security, RMI access should be disabled to mitigate these risks.",Apache,"Apache Jackrabbit Webapp (jackrabbit-webapp),Apache Jackrabbit Standalone (jackrabbit-standalone And Jackrabbit-standalone-components)",9.8,CRITICAL,0.017839999869465828,false,,false,false,false,,,false,false,,2023-07-25T15:15:00.000Z,0
CVE-2020-1940,https://securityvulnerability.io/vulnerability/CVE-2020-1940,,"The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials object but does not remove it upon processing during the first phase of the authentication.
In combination with additional, independent authentication mechanisms, this may lead to the new password being disclosed.",Apache,Apache Jackrabbit Oak,7.5,HIGH,0.005270000081509352,false,,false,false,false,,,false,false,,2020-01-28T16:51:10.000Z,0
CVE-2016-6801,https://securityvulnerability.io/vulnerability/CVE-2016-6801,,"Cross-site request forgery (CSRF) vulnerability in the CSRF content-type check in Jackrabbit-Webdav in Apache Jackrabbit 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.3, 2.10.x before 2.10.4, 2.12.x before 2.12.4, and 2.13.x before 2.13.3 allows remote attackers to hijack the authentication of unspecified victims for requests that create a resource via an HTTP POST request with a (1) missing or (2) crafted Content-Type header.",Apache,Jackrabbit,8.8,HIGH,0.0008999999845400453,false,,false,false,true,2018-10-27T10:26:41.000Z,true,false,false,,2016-09-21T14:00:00.000Z,0
CVE-2015-1833,https://securityvulnerability.io/vulnerability/CVE-2015-1833,,"XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.x before 2.4.6, 2.6.x before 2.6.6, 2.8.x before 2.8.1, and 2.10.x before 2.10.1 allows remote attackers to read arbitrary files and send requests to intranet servers via a crafted WebDAV request.",Apache,Jackrabbit,,,0.032999999821186066,false,,false,false,false,,,false,false,,2015-05-29T15:00:00.000Z,0
CVE-2009-0026,https://securityvulnerability.io/vulnerability/CVE-2009-0026,,Multiple cross-site scripting (XSS) vulnerabilities in Apache Jackrabbit before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.jsp or (2) swr.jsp.,Apache,Jackrabbit,,,0.003449999960139394,false,,false,false,false,,,false,false,,2009-01-21T20:00:00.000Z,0