PT-2018-5045 · Apache+2 · Karaf+3

Jason Shepherd · Published 2018-08-01 · Updated 2023-02-12 · CVE-2016-8648

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss Fuse versions 6.x
Red Hat JBoss A-MQ versions 6.x

Description
A flaw was found in the Karaf container used by Red Hat JBoss Fuse and Red Hat JBoss A-MQ: objects passed as arguments to MBean operations over JMX are deserialized by the server before the operation itself runs. An attacker who can invoke JMX operations could therefore execute arbitrary code on the server with the privileges of the user running the Java Virtual Machine, provided a usable deserialization gadget chain is present on the classpath reachable from the target MBean. The CVSS vector (PR:H) reflects that the attacker first needs a privileged JMX connection.

Recommendations
For Red Hat JBoss Fuse 6.x, update to a version that includes a fix for this issue. For Red Hat JBoss A-MQ 6.x, update to a version that includes a fix for this issue. Until the update is applied, keep the JMX/RMI endpoints off untrusted networks and require authentication for them, since the flaw is reachable only through JMX operations.
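The mechanism in the description, as an added example that is not code from Karaf, JBoss Fuse or this page's author: a hypothetical MBean whose operation takes an Object is exposed through the standard JMX/RMI connector; the client passes a Serializable class whose readObject has a side effect, and the server instantiates it before the operation body runs. A second run installs a JVM-wide deserialization allowlist (JEP 290, Java 9 or later; on Java 8u121+ the same pattern can be given as -Djdk.serialFilter) so the same call is rejected before any class code executes. The class names, port 19999, the filter pattern and the in-process client/server setup are assumptions made for this demo.

```java
import java.io.IOException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.Serializable;
import java.lang.management.ManagementFactory;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import java.rmi.server.UnicastRemoteObject;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.remote.JMXConnector;
import javax.management.remote.JMXConnectorFactory;
import javax.management.remote.JMXConnectorServer;
import javax.management.remote.JMXConnectorServerFactory;
import javax.management.remote.JMXServiceURL;

// Hypothetical demo (not Karaf's code). Run with:
//   java JmxDeserDemo.java          -> the stand-in "gadget" runs on the server side
//   java JmxDeserDemo.java harden   -> the same call is rejected by the allowlist
public class JmxDeserDemo {

    public interface DemoMBean {
        String describe(Object value);
    }

    public static class Demo implements DemoMBean {
        @Override
        public String describe(Object value) {
            return value == null ? "null" : value.getClass().getName();
        }
    }

    // Stand-in for a gadget class: Serializable, with code that runs during deserialization.
    // A real gadget chain from a library on the MBean's classpath would run attacker code here.
    public static class SideEffect implements Serializable {
        private static final long serialVersionUID = 1L;
        static volatile boolean readObjectRan = false;

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            readObjectRan = true; // runs in the server's RMI thread, before describe() is called
        }
    }

    static final int PORT = 19999; // assumption: free local port

    public static void main(String[] args) throws Exception {
        if (args.length > 0 && "harden".equals(args[0])) {
            // Process-wide allowlist: JDK and JMX types only; everything else, including this
            // demo's SideEffect class and any third-party gadget, is rejected. Equivalent to
            // -Djdk.serialFilter='java.**;javax.management.**;!*' on the command line.
            // A real deployment must also allow the argument types its own MBeans legitimately take.
            ObjectInputFilter.Config.setSerialFilter(
                    ObjectInputFilter.Config.createFilter("java.**;javax.management.**;!*"));
        }

        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        ObjectName name = new ObjectName("demo:type=Demo");
        server.registerMBean(new Demo(), name);

        // Unauthenticated connector on localhost, for the demo only; a real JMX endpoint
        // needs authentication and must not be reachable from untrusted networks.
        Registry registry = LocateRegistry.createRegistry(PORT);
        JMXServiceURL url = new JMXServiceURL(
                "service:jmx:rmi:///jndi/rmi://localhost:" + PORT + "/jmxrmi");
        JMXConnectorServer connectorServer =
                JMXConnectorServerFactory.newJMXConnectorServer(url, null, server);
        connectorServer.start();

        try (JMXConnector client = JMXConnectorFactory.connect(url)) {
            MBeanServerConnection conn = client.getMBeanServerConnection();
            // The Object argument is serialized by the client and deserialized by the server
            // before the operation body runs, so the class the client chooses is instantiated
            // server-side even though describe() only reads its name.
            Object result = conn.invoke(name, "describe",
                    new Object[] { new SideEffect() },
                    new String[] { Object.class.getName() });
            System.out.println("server returned: " + result
                    + "; readObject ran on server: " + SideEffect.readObjectRan);
        } catch (Exception e) {
            // With the allowlist installed the server's deserialization fails with an
            // InvalidClassException (filter status REJECTED) and describe() never runs.
            System.out.println("call rejected: " + e);
        } finally {
            connectorServer.stop();
            UnicastRemoteObject.unexportObject(registry, true); // let the JVM exit
        }
    }
}
```

The point to take from the two runs: the server decides nothing about the argument's class until after it has been deserialized, which is why a gadget chain anywhere on the reachable classpath is enough once an attacker holds a JMX connection. A serialization allowlist limits what can be instantiated, but it complements the vendor fix and JMX access restrictions rather than replacing them, and its pattern has to be tuned to the argument types the deployed MBeans actually accept.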

Weakness Enumeration

Deserialization of Untrusted Data

Related identifiers

CVE-2016-8648

Affected products

Java Virtual Machine
Karaf
Red Hat JBoss A-MQ
Red Hat JBoss Fuse