• Download
  • Purchase
  • Contact
JNBridge
  • Software
    • JNBridgePro
      • JNBridgePro
        • How It Works
        • Features
        • Developer Center
          • Guides
          • Demos
          • Videos
          • Documentation
        • System Requirements
        • License & Purchase
    • JMS Adapter for BizTalk
      • JMS Adapter for BizTalk
        • How It Works
        • Features
        • Developer Center
        • System Requirements
        • License & Purchase
    • R&D Showcase
      • R&D Showcase
        • Azure Logic Apps Connector for JMS
        • Integrate Java- and Mono-based Microservices using Docker
        • Use the Play Framework to Create a Java Web APP on Top of a .NET Backend
        • Create a .NET-based Visual Monitoring System for Hadoop
        • Build a LINQ Provider for HBase MapReduce
        • Build an Excel Add-in for HBase MapReduce
        • Create .NET-based MapReducers for Hadoop
        • Use a Java SSH Library to Build a BizTalk Adapter
  • Support
    • Support Overview
    • Knowledge Base
    • License Key
  • About
    • About Us
    • Customers
    • Product History
    • Media Coverage
    • Press Releases
    • Contact
  • Blog
  • Search
  • Menu Menu

JNBridgePro Security Patch

  • July 1, 2019

    Dear JNBridge Customer,

    We would like to inform you of a vulnerability recently uncovered in JNBridgePro that effects all versions in certain use cases. The vulnerability was discovered by a security research firm working for a major OEM customer.

    When JNBridgePro is deployed using TCP/binary or HTTP/SOAP communications, it is possible for an unauthorized user to execute arbitrary code. For example, in the .NET-to-Java direction, an unauthorized user can access any API on the Java side, including Runtime.exec(). It is not necessary to have the proxies to access these APIs; an unauthorized application could mimic the JNBridge binary and HTTP protocols. A similar exploit exists in the Java-to-.NET direction.

    The problem does not exist when using shared memory communications, as these cross-platform requests can only be made from the same process.

    You do not need to apply the patch if your JNBridgePro application using is using shared memory and you always intend to use shared memory.

    For all other scenarios, we recommend applying the patch.

    Please contact support@jnbridge.com if your version is not listed above.

  • This field is for validation purposes and should be left unchanged.

Scroll to top

This site uses cookies. By continuing to browse our trusted site, you are agreeing to our use of cookies.

OKLearn more

Cookie and Privacy Settings



How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.

We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.

We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.

Other external services

We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Google reCaptcha Settings:

Vimeo and Youtube video embeds:

Accept settingsHide notification only