CVE-2024-51127 - Vulnerability Details

- hornetq-core-client: Arbitrarily overwrite files or access sensitive information

Description

An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information.

Published: 2024-11-04

Score: 9.1 Critical

EPSS: 1.5% Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

cpe:2.3:a:redhat:hornetq:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat JBoss Enterprise Application Platform 7
	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2024:11531	2024-12-19T00:00:00Z
org.hornetq/hornetq-core-client	cpe:/a:redhat:jboss_enterprise_application_platform:7.4	RHSA-2025:1635	2025-02-18T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8
eap7-hornetq-0:2.4.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2024:11529	2024-12-19T00:00:00Z
eap7-hal-console-0:3.3.25-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2025:1637	2025-02-18T00:00:00Z
eap7-hibernate-0:5.3.37-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2025:1637	2025-02-18T00:00:00Z
eap7-jbossws-common-0:3.4.0-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2025:1637	2025-02-18T00:00:00Z
eap7-jbossws-cxf-0:5.4.14-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2025:1637	2025-02-18T00:00:00Z
eap7-opensaml-0:3.4.6-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2025:1637	2025-02-18T00:00:00Z
eap7-wildfly-0:7.4.21-2.GA_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2025:1637	2025-02-18T00:00:00Z
eap7-xml-security-0:2.3.5-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8	RHSA-2025:1637	2025-02-18T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9
eap7-hornetq-0:2.4.11-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2024:11529	2024-12-19T00:00:00Z
eap7-hal-console-0:3.3.25-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2025:1638	2025-02-18T00:00:00Z
eap7-hibernate-0:5.3.37-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2025:1638	2025-02-18T00:00:00Z
eap7-jbossws-common-0:3.4.0-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2025:1638	2025-02-18T00:00:00Z
eap7-jbossws-cxf-0:5.4.14-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2025:1638	2025-02-18T00:00:00Z
eap7-opensaml-0:3.4.6-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2025:1638	2025-02-18T00:00:00Z
eap7-wildfly-0:7.4.21-2.GA_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2025:1638	2025-02-18T00:00:00Z
eap7-xml-security-0:2.3.5-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9	RHSA-2025:1638	2025-02-18T00:00:00Z
Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7
eap7-hornetq-0:2.4.11-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2024:11529	2024-12-19T00:00:00Z
eap7-hal-console-0:3.3.25-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2025:1636	2025-02-18T00:00:00Z
eap7-hibernate-0:5.3.37-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2025:1636	2025-02-18T00:00:00Z
eap7-jbossws-common-0:3.4.0-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2025:1636	2025-02-18T00:00:00Z
eap7-jbossws-cxf-0:5.4.14-1.Final_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2025:1636	2025-02-18T00:00:00Z
eap7-opensaml-0:3.4.6-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2025:1636	2025-02-18T00:00:00Z
eap7-wildfly-0:7.4.21-2.GA_redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2025:1636	2025-02-18T00:00:00Z
eap7-xml-security-0:2.3.5-1.redhat_00001.1.el7eap	cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7	RHSA-2025:1636	2025-02-18T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8
org.hornetq/hornetq-core-client	cpe:/a:redhat:jboss_enterprise_application_platform:8.0	RHSA-2024:11570	2024-12-19T00:00:00Z
org.jboss.eap-jboss-eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0	RHSA-2024:11570	2024-12-19T00:00:00Z
org.hornetq/hornetq-core-client	cpe:/a:redhat:jboss_enterprise_application_platform:8.0	RHSA-2025:0372	2025-01-16T00:00:00Z
org.jboss.eap-jboss-eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0	RHSA-2025:0372	2025-01-16T00:00:00Z
org.jboss.ws.cxf-jbossws-cxf	cpe:/a:redhat:jboss_enterprise_application_platform:8.0	RHSA-2025:0372	2025-01-16T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
eap8-activemq-artemis-0:2.33.0-2.redhat_00016.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-angus-activation-0:2.0.2-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-apache-commons-lang-0:3.14.0-3.redhat_00007.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-atinject-0:2.0.1-3.redhat_00006.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-azure-storage-0:8.6.6-4.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-commons-logging-jboss-logging-0:1.0.0-2.Final_redhat_1.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-eap-product-conf-parent-0:800.5.0-1.GA_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-ecj-1:3.31.0-2.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-expressly-0:5.0.0-5.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-hal-console-0:3.6.20-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-hibernate-0:6.2.32-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-hornetq-0:2.4.10-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jakarta-activation-0:2.1.3-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jakarta-xml-bind-api-0:4.0.2-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jansi-0:1.18.0-2.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-javaee-security-soteria-0:3.0.0-3.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jboss-ejb-client-0:5.0.8-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jboss-marshalling-0:2.1.6-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jboss-weld-api-0:5.0.0-4.SP3_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jbossws-cxf-0:7.3.0-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jctools-0:4.0.5-1.redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-jsonb-spec-0:3.0.1-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-narayana-0:6.0.4-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-netty-0:4.1.114-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-netty-transport-native-epoll-0:4.1.114-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-parsson-0:1.1.7-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-resteasy-0:6.2.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-undertow-0:2.3.18-1.SP1_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-undertow-jastow-0:2.2.8-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-vdx-0:1.1.6-3.redhat_1.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-wildfly-0:8.0.5-3.GA_redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-wildfly-elytron-0:2.2.7-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-wildfly-elytron-ee-0:3.0.3-2.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-yasson-0:3.0.4-1.redhat_00002.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2024:11559	2024-12-19T00:00:00Z
eap8-eap-product-conf-parent-0:800.5.1-1.GA_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2025:0371	2025-01-16T00:00:00Z
eap8-hornetq-0:2.4.11-1.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2025:0371	2025-01-16T00:00:00Z
eap8-jgroups-1:5.2.23-2.Final_redhat_00001.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2025:0371	2025-01-16T00:00:00Z
eap8-wildfly-0:8.0.5-5.GA_redhat_00004.1.el8eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8	RHSA-2025:0371	2025-01-16T00:00:00Z
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
eap8-activemq-artemis-0:2.33.0-2.redhat_00016.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-angus-activation-0:2.0.2-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-apache-commons-lang-0:3.14.0-3.redhat_00007.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-atinject-0:2.0.1-3.redhat_00006.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-azure-storage-0:8.6.6-4.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-commons-logging-jboss-logging-0:1.0.0-2.Final_redhat_1.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-eap-product-conf-parent-0:800.5.0-1.GA_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-ecj-1:3.31.0-2.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-expressly-0:5.0.0-5.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-hal-console-0:3.6.20-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-hibernate-0:6.2.32-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-hornetq-0:2.4.10-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jakarta-activation-0:2.1.3-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jakarta-xml-bind-api-0:4.0.2-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jansi-0:1.18.0-2.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-javaee-security-soteria-0:3.0.0-3.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jboss-ejb-client-0:5.0.8-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jboss-marshalling-0:2.1.6-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jboss-remoting-0:5.0.30-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jboss-weld-api-0:5.0.0-4.SP3_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jbossws-cxf-0:7.3.0-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jctools-0:4.0.5-1.redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-jsonb-spec-0:3.0.1-1.redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-narayana-0:6.0.4-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-netty-0:4.1.114-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-netty-transport-native-epoll-0:4.1.114-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-parsson-0:1.1.7-1.redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-resteasy-0:6.2.11-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-undertow-0:2.3.18-1.SP1_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-undertow-jastow-0:2.2.8-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-vdx-0:1.1.6-3.redhat_1.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-wildfly-0:8.0.5-3.GA_redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-wildfly-elytron-0:2.2.7-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-wildfly-elytron-ee-0:3.0.3-2.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-yasson-0:3.0.4-1.redhat_00002.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2024:11560	2024-12-19T00:00:00Z
eap8-eap-product-conf-parent-0:800.5.1-1.GA_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2025:0371	2025-01-16T00:00:00Z
eap8-hornetq-0:2.4.11-1.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2025:0371	2025-01-16T00:00:00Z
eap8-jgroups-1:5.2.23-2.Final_redhat_00001.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2025:0371	2025-01-16T00:00:00Z
eap8-wildfly-0:8.0.5-5.GA_redhat_00004.1.el9eap	cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9	RHSA-2025:0371	2025-01-16T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
Github GHSA	GHSA-r7mv-mv7m-pjw3	hornetq vulnerable to file overwrite, sensitive information disclosure

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.01455.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
http://hornetq.com
https://github.com/JAckLosingHeart/CWE-378/blob/main/CVE-2024-51127.md
https://nvd.nist.gov/vuln/detail/CVE-2024-51127
https://www.cve.org/CVERecord?id=CVE-2024-51127

History

Thu, 26 Feb 2026 19:15:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

Fri, 20 Dec 2024 02:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat jboss Enterprise Application Platform
CPEs		cpe:/a:redhat:jboss_enterprise_application_platform:7.4 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el7 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el8 cpe:/a:redhat:jboss_enterprise_application_platform:7.4::el9 cpe:/a:redhat:jboss_enterprise_application_platform:8.0 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el8 cpe:/a:redhat:jboss_enterprise_application_platform:8.0::el9
Vendors & Products		Redhat jboss Enterprise Application Platform

Fri, 29 Nov 2024 02:15:00 +0000

Type	Values Removed	Values Added
Title		hornetq-core-client: Arbitrarily overwrite files or access sensitive information
References		https://nvd.nist.gov/vuln/detail/CVE-2024-51127 https://www.cve.org/CVERecord?id=CVE-2024-51127
Metrics	threat_severity `None`	threat_severity `Important`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-22

Wed, 06 Nov 2024 19:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat Redhat hornetq
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:redhat:hornetq::::::::
Vendors & Products		Redhat Redhat hornetq
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}`

Mon, 04 Nov 2024 17:30:00 +0000

Type	Values Removed	Values Added
Description		An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information.
References		http://hornetq.com https://github.com/JAckLosingHeart/CWE-378/blob/main/CVE-2024-51127.md

Subscriptions

Redhat Hornetq Jboss Enterprise Application Platform

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-11-04T00:00:00.000Z

Updated: 2024-11-06T16:11:29.503Z

Reserved: 2024-10-28T00:00:00.000Z

Link: CVE-2024-51127

Vulnrichment

Updated: 2024-11-06T16:11:23.299Z

NVD

Status : Modified

Published: 2024-11-04T18:15:05.113

Modified: 2024-11-21T09:45:17.017

Link: CVE-2024-51127

Redhat

Severity : Important

Publid Date: 2024-11-04T00:00:00Z

Links: CVE-2024-51127 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object