Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:5903
HistoryAug 04, 2022 - 4:17 a.m.

(RHSA-2022:5903) Moderate: Red Hat Process Automation Manager 7.13.0 security update

2022-08-0404:17:59
access.redhat.com
80

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:N/A:C

0.006 Low

EPSS

Percentile

79.0%

JSON

Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.

This asynchronous security patch is an update to Red Hat Process Automation Manager 7.

Security Fix(es):

  • com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

  • jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  • netty-codec: Bzip2Decoder doesn’t allow setting size restrictions for decompressed data (CVE-2021-37136)

  • netty-codec: SnappyFrameDecoder doesn’t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)

  • protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)

  • spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)

  • wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

  • wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)

  • ant: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-36373)

  • mysql-connector-java: unauthorized access to critical (CVE-2021-2471)

  • netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)

  • wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ibm 36
redhat 12
suse 3
nessus 18
openvas 12
debian 3
osv 28
prion 10
veracode 10
debiancve 8
cve 11
spring 1
redhatcve 11
ubuntucve 8
ubuntu 1
cgr 1
wolfi 1
atlassian 4
githubexploit 1
github 11
f5 2
cbl_mariner 3
vaadin 1
alpinelinux 2
broadcom 1
ibm
ibm
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to several attack vectors due to its use of Apache Netty (CVE-2021-37136, CVE-2021-37137, CVE-2021-43797)
2022-06-29 14:09:50
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Netty (CVE-2021-37136, CVE-2021-37137)
2023-02-01 15:51:44
Security Bulletin: Operations Dashboard is vulnerable to Netty vulnerabilities CVE-2021-37136 and CVE-2021-37137
2022-01-13 15:47:30
redhat
redhat
(RHSA-2021:3959) Moderate: Red Hat build of Eclipse Vert.x 4.1.5 security update
2021-11-10 16:37:03
(RHSA-2021:4851) Low: Red Hat AMQ Broker 7.9.1 release and security update
2021-11-30 08:40:21
(RHSA-2022:0589) Moderate: Red Hat build of Quarkus 2.2.5 release and security update
2022-02-21 18:18:19
suse
suse
Security update for netty (important)
2022-04-20 00:00:00
Security update for jsoup, jsr-305 (important)
2022-04-19 00:00:00
Security update for netty3 (moderate)
2022-06-13 00:00:00
nessus
nessus
Debian DLA-3268-1 : netty - LTS security update
2023-01-16 00:00:00
openSUSE 15 Security Update : netty (SUSE-SU-2022:1271-1)
2023-01-20 00:00:00
Debian DSA-5316-1 : netty - security update
2023-01-12 00:00:00
openvas
openvas
openSUSE: Security Advisory for netty (SUSE-SU-2022:1271-1)
2022-04-21 00:00:00
Debian: Security Advisory (DSA-5316-1)
2023-01-12 00:00:00
Debian: Security Advisory (DLA-3268-1)
2023-01-12 00:00:00
debian
debian
[SECURITY] [DSA 5316-1] netty security update
2023-01-11 22:38:12
[SECURITY] [DLA 3268-1] netty security update
2023-01-11 22:57:14
[SECURITY] [DSA 5227-1] libgoogle-gson-java security update
2022-09-07 10:22:18
osv
osv
netty - security update
2023-01-11 00:00:00
netty - security update
2023-01-11 00:00:00
Uncaught Exception in jsoup
2021-08-23 19:42:38
prion
prion
Input validation
2021-08-18 15:15:00
Race condition
2022-04-01 23:15:00
Design/Logic Flaw
2021-07-14 07:15:00
veracode
veracode
Denial Of Service (DoS)
2022-04-07 12:06:55
Denial Of Service (DoS)
2021-07-15 00:46:23
Denial Of Service (DoS)
2022-06-01 09:52:03
debiancve
debiancve
CVE-2022-22950
2022-04-01 23:15:00
CVE-2021-22569
2022-01-10 14:10:00
CVE-2021-36373
2021-07-14 07:15:00
cve
cve
CVE-2022-22950
2022-04-01 23:15:00
CVE-2021-37714
2021-08-18 15:15:00
CVE-2021-36373
2021-07-14 07:15:00
spring
spring
CVE report published for Spring Framework
2022-03-28 08:00:00
redhatcve
redhatcve
CVE-2021-22569
2022-01-12 23:32:15
CVE-2021-37714
2021-08-18 17:35:05
CVE-2021-43797
2021-12-13 20:02:24
ubuntucve
ubuntucve
CVE-2021-22569
2022-01-10 00:00:00
CVE-2021-37714
2021-08-18 00:00:00
CVE-2021-36373
2021-07-14 00:00:00
ubuntu
ubuntu
Netty vulnerabilities
2023-04-28 00:00:00
cgr
cgr
CVE-2021-22569 vulnerabilities
2024-04-26 03:19:48
wolfi
wolfi
CVE-2021-22569 vulnerabilities
2024-04-26 09:06:29
atlassian
atlassian
DoS (Denial of Service) org.jsoup:jsoup in Jira Software Data Center and Server
2023-11-12 13:45:30
com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:41
DoS (Denial of Service) com.google.code.gson:gson in Jira Software Data Center and Server
2023-11-12 13:45:35
githubexploit
githubexploit
Exploit for Vulnerability in Google Protobuf-Kotlin
2022-01-13 03:33:54
github
github
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
2022-07-21 22:35:12
Allocation of Resources Without Limits or Throttling in Spring Framework
2022-04-03 00:01:00
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way
2021-09-09 17:11:31
f5
f5
K000133686 : protobuf-java vulnerability CVE-2021-22569
2023-04-27 00:00:00
K00994461 : GSON vulnerability CVE-2022-25647
2022-08-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-37714 affecting package jsoup 1.11.3-3
2024-04-26 09:06:34
CVE-2021-36373 affecting package javapackages-bootstrap 1.5.0-4
2024-04-17 22:02:46
CVE-2021-36373 affecting package ant 1.10.9-2
2021-08-11 06:39:28
vaadin
vaadin
Denial of service in third-party component in Vaadin 7 and 8
2021-10-27 00:00:00
alpinelinux
alpinelinux
CVE-2021-36373
2021-07-14 07:15:00
CVE-2022-25647
2022-05-01 16:15:00
broadcom
broadcom
Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL
2023-08-29 00:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.9 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:N/A:C

0.006 Low

EPSS

Percentile

79.0%

JSON
Related for RHSA-2022:5903
ibm36redhat12suse3nessus18openvas12debian3osv28prion10veracode10debiancve8cve11spring1redhatcve11ubuntucve8ubuntu1cgr1wolfi1atlassian4githubexploit1github11f52cbl_mariner3vaadin1alpinelinux2broadcom1