CVE-2010-1428
Red Hat JBoss Information Disclosure Vulnerability
CVSS
—
No CVSS
EPSS
62.3%
p99
KEV
YES
May 25, 2022
Exploit Today
80
0-100
Published: — · Last modified: —
62.3%EPSS · 30 days62.3%
2026-06-302026-07-16
Product
Red Hat / JBoss
Vulnerability
Red Hat JBoss Information Disclosure Vulnerability
Added to KEV
May 25, 2022
Remediate by
Jun 15, 2022
Known ransomware use
Yes
Summary description
Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2010-1428
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2010-0738—99.6%
KEV—80Red Hat JBoss Authentication Bypass Vulnerability—