Tomee
This hub aggregates every CVE we track for Tomee, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
10
CVEs tracked
4
Critical
3
High
0
In CISA KEV
Severity distribution
CRITICAL4HIGH3MEDIUM3
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 10 most recently published vulnerabilities affecting Tomee.
- CVE-2021-40690Bypass of the secureValidation property7.5
- CVE-2021-33037Incorrect Transfer-Encoding handling with HTTP/1.05.3
- CVE-2021-30468Apache CXF Denial of service vulnerability in parsing JSON via JsonMapObjectReaderWriter7.5
- CVE-2020-13931If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on T...9.8
- CVE-2020-11969If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authenticatio...9.8
- CVE-2019-17569The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers wer...4.8
- CVE-2019-17359The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.7.5
- CVE-2019-13990initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler through 2.3.0 allows XXE attacks via a job description.9.8
- CVE-2018-8031The Apache TomEE console (tomee-webapp) has a XSS vulnerability which could allow javascript to be executed if the user is given a malicious URL. This web application is typically used to add TomEE...6.1
- CVE-2016-0779The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object.9.8
Product normalization is registry-driven with AI assist and human review. How it works