Jmeter
This hub aggregates every CVE we track for Jmeter, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
14
CVEs tracked
3
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM10CRITICAL3HIGH1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 14 most recently published vulnerabilities affecting Jmeter.
- CVE-2021-21348XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)5.3
- CVE-2021-21349A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host6.1
- CVE-2021-21350XStream is vulnerable to an Arbitrary Code Execution attack5.3
- CVE-2021-21351XStream is vulnerable to an Arbitrary Code Execution attack5.4
- CVE-2021-21341XStream can cause a Denial of Service7.5
- CVE-2021-21342A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host5.3
- CVE-2021-21343XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights5.3
- CVE-2021-21344XStream is vulnerable to an Arbitrary Code Execution attack5.3
- CVE-2021-21345XStream is vulnerable to a Remote Command Execution attack5.8
- CVE-2021-21346XStream is vulnerable to an Arbitrary Code Execution attack6.1
- CVE-2021-21347XStream is vulnerable to an Arbitrary Code Execution attack6.1
- CVE-2019-0187Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). Attacker can establish a RMI connection to a jmeter-server using RemoteJMeterEngine and proc...9.8
- CVE-2018-1287In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get Access to JMeterEngine and send un...9.8
- CVE-2018-1297When using Distributed Test only (RMI based), Apache JMeter 2.x and 3.x uses an unsecured RMI connection. This could allow an attacker to get Access to JMeterEngine and send unauthorized code.9.8
Product normalization is registry-driven with AI assist and human review. How it works