| purl | pkg:maven/org.apache.jmeter/ApacheJMeter@4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-p614-njfn-m7ak (Aliases: CVE-2019-0187) | Deserialization of Untrusted Data. Unauthenticated RCE is possible when JMeter is used in distributed mode (-r or -R command line options). An attacker can establish an RMI connection to a jmeter-server using `RemoteJMeterEngine` and proceed with an attack using untrusted data deserialization. This only affects tests running in distributed mode. | Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-9xz8-znea-wufj | Cleartext Transmission of Sensitive Information. When using Distributed Test only (RMI based), Apache JMeter uses an unsecured RMI connection. This could allow an attacker to get access to `JMeterEngine` and send unauthorized code. | CVE-2018-1297 |
| VCID-xumm-un1w-wkcu | Improper Access Control. When using Distributed Test only (RMI based), jmeter server binds RMI Registry to wildcard host. This could allow an attacker to get access to `JMeterEngine` and send unauthorized code. | CVE-2018-1287 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-02T04:38:58.583786+00:00 | GitLab Importer | Affected by | VCID-p614-njfn-m7ak | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.jmeter/ApacheJMeter/CVE-2019-0187.yml | 38.6.0 |
| 2026-06-02T04:37:31.128774+00:00 | GitLab Importer | Fixing | VCID-xumm-un1w-wkcu | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.jmeter/ApacheJMeter/CVE-2018-1287.yml | 38.6.0 |
| 2026-06-02T04:37:30.976816+00:00 | GitLab Importer | Fixing | VCID-9xz8-znea-wufj | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.jmeter/ApacheJMeter/CVE-2018-1297.yml | 38.6.0 |