Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Process_automation
(Redhat)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-03-02 | CVE-2019-14892 | A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. | Geode, Jackson\-Databind, Decision_manager, Jboss_data_grid, Jboss_enterprise_application_platform, Jboss_fuse, Openshift_container_platform, Process_automation | 9.8 | ||
| 2020-09-23 | CVE-2020-10714 | A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Oncommand_insight, Codeready_studio, Descision_manager, Jboss_fuse, Process_automation, Wildfly_elytron | 7.5 | ||
| 2022-10-17 | CVE-2019-14841 | A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. | Decision_manager, Process_automation | 8.8 | ||
| 2020-01-02 | CVE-2019-14862 | There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | Knockout, Business_intelligence, Goldengate, Decision_manager, Process_automation | 6.1 | ||
| 2022-04-01 | CVE-2019-14839 | It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. | Business\-Central, Descision_manager, Process_automation | 7.5 | ||
| 2020-01-02 | CVE-2019-14863 | There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | Angular\.js, Decision_manager, Process_automation | N/A |