Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:4961
HistoryNov 05, 2020 - 6:44 p.m.

(RHSA-2020:4961) Moderate: Red Hat Process Automation Manager 7.9.0 security update

2020-11-0518:44:42
access.redhat.com
58

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.4%

JSON

Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.

This release of Red Hat Process Automation Manager 7.9.0 serves as an update to Red Hat Process Automation Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

  • batik: SSRF via “xlink:href” (CVE-2019-17566)

  • Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)

  • ant: insecure temporary file vulnerability (CVE-2020-1945)

  • dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

  • hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)

  • wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

  • cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)

  • mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)

  • mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)

  • mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 13
openvas 19
nessus 30
suse 5
fedora 4
debian 3
osv 18
freebsd 1
cve 11
redhatcve 10
githubexploit 1
ibm 37
github 8
debiancve 6
prion 10
veracode 9
ubuntucve 5
ubuntu 1
mageia 3
f5 1
amazon 1
photon 1
archlinux 1
gentoo 1
redhat
redhat
(RHSA-2020:4960) Moderate: Red Hat Decision Manager 7.9.0 security update
2020-11-05 18:43:06
(RHSA-2020:3464) Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
2020-08-17 13:21:20
(RHSA-2020:3463) Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
2020-08-17 13:19:02
openvas
openvas
Fedora: Security Advisory for mysql-connector-java (FEDORA-2020-747ec39700)
2020-09-04 00:00:00
openSUSE: Security Advisory for mysql-connector-java (openSUSE-SU-2021:2622-1)
2021-08-07 00:00:00
Fedora: Security Advisory for mysql-connector-java (FEDORA-2020-35995bb2d3)
2020-09-26 00:00:00
nessus
nessus
Oracle MySQL Connectors (Apr 2020 CPU)
2020-04-15 00:00:00
Debian DSA-4703-1 : mysql-connector-java - security update
2020-06-12 00:00:00
SUSE SLED12 / SLES12 Security Update : mysql-connector-java (SUSE-SU-2021:2877-1)
2021-08-31 00:00:00
suse
suse
Security update for mysql-connector-java (moderate)
2021-08-05 00:00:00
Security update for mysql-connector-java (moderate)
2021-08-10 00:00:00
Security update for dom4j (important)
2020-05-26 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: mysql-connector-java-8.0.21-1.fc32
2020-09-03 16:40:47
[SECURITY] Fedora 33 Update: mysql-connector-java-8.0.21-1.fc33
2020-09-25 17:06:39
[SECURITY] Fedora 32 Update: ant-1.10.8-1.fc32
2020-06-02 03:54:05
debian
debian
[SECURITY] [DSA 4703-1] mysql-connector-java security update
2020-06-11 17:47:17
[SECURITY] [DLA 2245-1] mysql-connector-java security update
2020-06-11 18:29:24
[SECURITY] [DLA 2191-1] dom4j security update
2020-04-30 22:00:18
osv
osv
mysql-connector-java - security update
2020-06-11 00:00:00
mysql-connector-java - security update
2020-06-11 00:00:00
SQL Injection in Hibernate ORM
2022-02-10 23:05:04
freebsd
freebsd
MySQL Client -- Multiple vulerabilities
2020-04-14 00:00:00
cve
cve
CVE-2019-14900
2020-07-06 19:15:00
CVE-2020-10693
2020-05-06 14:15:00
CVE-2020-10714
2020-09-23 13:15:00
redhatcve
redhatcve
CVE-2019-14900
2020-05-12 15:40:12
CVE-2020-10714
2020-04-28 04:34:41
CVE-2020-10693
2020-05-05 07:39:53
githubexploit
githubexploit
Exploit for SQL Injection in Hibernate Hibernate Orm
2021-01-06 13:06:45
ibm
ibm
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-10693)
2021-01-20 09:05:35
Security Bulletin: Websphere Hibernate Validator Vulnerability Affects IBM Control Center (CVE-2020-10693)
2021-01-15 22:29:11
Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-10693)
2020-12-11 15:53:39
github
github
Improper Input Validation in Hibernate Validator
2021-06-04 21:36:34
SQL Injection in Hibernate ORM
2022-02-10 23:05:04
Session Fixation in WildFly Elytron
2022-02-15 01:39:57
debiancve
debiancve
CVE-2020-10693
2020-05-06 14:15:00
CVE-2019-14900
2020-07-06 19:15:00
CVE-2020-10683
2020-05-01 19:15:00
prion
prion
Sql injection
2020-07-06 19:15:00
Input validation
2020-05-06 14:15:00
Session fixation
2020-09-23 13:15:00
veracode
veracode
SQL Injection
2020-08-18 02:03:37
Session Fixation
2020-08-18 02:03:58
EL Expression Injection
2020-05-18 06:05:42
ubuntucve
ubuntucve
CVE-2020-10693
2020-05-06 00:00:00
CVE-2020-10683
2020-05-01 00:00:00
CVE-2020-2875
2020-04-15 00:00:00
ubuntu
ubuntu
dom4j vulnerability
2020-10-13 00:00:00
mageia
mageia
Updated dom4j packages fix a security vulnerability
2021-01-17 19:07:01
Updated mysql-connector-java package fixes security vulnerability
2020-09-21 22:45:58
Updated ant packages fix security vulnerability
2020-05-27 21:17:37
f5
f5
K02349370 : dom4j library vulnerability CVE-2020-10683
2020-05-12 00:00:00
amazon
amazon
Medium: mysql-connector-java
2023-04-13 19:28:00
photon
photon
Moderate Photon OS Security Update - PHSA-2020-0099
2020-06-01 00:00:00
archlinux
archlinux
[ASA-202005-15] ant: arbitrary command execution
2020-05-20 00:00:00
gentoo
gentoo
Apache Ant: Multiple vulnerabilities
2020-07-27 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.007 Low

EPSS

Percentile

79.4%

JSON
Related for RHSA-2020:4961
redhat13openvas19nessus30suse5fedora4debian3osv18freebsd1cve11redhatcve10githubexploit1ibm37github8debiancve6prion10veracode9ubuntucve5ubuntu1mageia3f51amazon1photon1archlinux1gentoo1