Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:6813
HistoryOct 05, 2022 - 10:42 a.m.

(RHSA-2022:6813) Important: Red Hat Process Automation Manager 7.13.1 security update

2022-10-0510:42:47
access.redhat.com
69

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON

Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.

This asynchronous security patch is an update to Red Hat Process Automation Manager 7.

Security Fix(es):

  • chart.js: prototype pollution (CVE-2020-7746)

  • moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)

  • package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 (CVE-2021-23436)

  • artemis-commons: Apache ActiveMQ Artemis DoS (CVE-2022-23913)

  • Business-central: Possible XML External Entity Injection attack (CVE-2022-2458)

  • cross-fetch: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-1365)

  • jackson-databind: denial of service via a large depth of nested objects (CVE-2020-36518)

  • jdbc-postgresql: postgresql-jdbc: Arbitrary File Write Vulnerability (CVE-2022-26520)

  • jdbc-postgresql: Unchecked Class Instantiation when providing Plugin Classes (CVE-2022-21724)

  • Moment.js: Path traversal in moment.locale (CVE-2022-24785)

  • org.drools-droolsjbpm-integration: minimist: prototype pollution (CVE-2021-44906)

  • org.kie.workbench-kie-wb-common: minimist: prototype pollution (CVE-2021-44906)

  • parse-url: Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository ionicabizau/parse-url (CVE-2022-0722)

  • xercesimpl: xerces-j2: infinite loop when handling specially crafted XML document payloads (CVE-2022-23437)

  • eventsource: Exposure of Sensitive Information (CVE-2022-1650)

  • mysql-connector-java: Difficult to exploit vulnerability allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors (CVE-2022-21363)

  • node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)

  • node-forge: Signature verification failing to check tailing garbage bytes can lead to signature forgery (CVE-2022-24772)

  • node-forge: Signature verification leniency in checking digestAlgorithm structure can lead to signature forgery (CVE-2022-24771)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ibm 34
prion 10
redhatcve 9
cve 11
alpinelinux 3
osv 24
github 9
atlassian 5
nessus 20
qualysblog 1
openvas 20
debian 3
redhat 7
ubuntu 1
fedora 2
mageia 1
suse 5
veracode 11
nodejs 2
debiancve 6
ubuntucve 7
f5 1
cnvd 2
cbl_mariner 2
wolfi 1
cgr 1
githubexploit 1
ibm
ibm
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.1
2022-10-28 18:30:08
Security Bulletin: A security vulnerability has been identified in Postgresql shipped with IBM Tivoli Netcool Impact (CVE-2022-26520, CVE-2022-21724, 220313)
2022-09-21 19:33:51
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2022-31129, CVE-2022-24785
2023-03-27 17:23:46
prion
prion
Type confusion
2021-09-01 18:15:00
Code injection
2022-03-18 14:15:00
Design/Logic Flaw
2021-01-19 11:15:00
redhatcve
redhatcve
CVE-2021-23436
2022-01-18 11:44:11
CVE-2020-7746
2022-06-14 16:29:19
CVE-2020-28477
2021-01-20 08:55:13
cve
cve
CVE-2021-23436
2021-09-01 18:15:00
CVE-2020-28477
2021-01-19 11:15:00
CVE-2022-23913
2022-02-04 23:15:00
alpinelinux
alpinelinux
CVE-2021-23436
2021-09-01 18:15:00
CVE-2020-28477
2021-01-19 11:15:00
CVE-2022-21724
2022-02-02 12:15:00
osv
osv
CVE-2021-23436
2021-09-01 18:15:08
Prototype Pollution in immer
2021-09-02 17:17:37
libpgjava - security update
2022-07-31 00:00:00
github
github
Prototype Pollution in immer
2021-09-02 17:17:37
Improper Verification of Cryptographic Signature in node-forge
2022-03-18 23:10:28
Prototype Pollution in immer
2021-01-20 21:27:56
atlassian
atlassian
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
2023-10-11 15:26:01
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
2023-10-11 15:26:01
Upgrade moment library to 2.29.2+ for LTS version as required for CVE-2022-24785 and CVE-2022-31129
2023-03-27 07:30:38
nessus
nessus
Fedora 39 : python-notebook (2023-3256575fc8)
2023-11-07 00:00:00
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Moment.js vulnerabilities (USN-5559-1)
2022-08-10 00:00:00
Debian DLA-3295-1 : node-moment - LTS security update
2023-01-31 00:00:00
qualysblog
qualysblog
Detection of Vulnerabilities in JavaScript Libraries
2023-01-16 11:46:18
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0067)
2024-03-18 00:00:00
Debian: Security Advisory (DLA-3295-1)
2023-01-31 00:00:00
Fedora: Security Advisory for python-notebook (FEDORA-2022-35b698150c)
2022-07-24 00:00:00
debian
debian
[SECURITY] [DLA 3295-1] node-moment security update
2023-01-30 21:29:16
[SECURITY] [DSA 5196-1] libpgjava security update
2022-07-31 11:22:59
[SECURITY] [DLA 2990-1] jackson-databind security update
2022-05-02 18:33:27
redhat
redhat
(RHSA-2022:6272) Moderate: Red Hat OpenShift Service Mesh 2.0.11 security update
2022-08-31 14:53:33
(RHSA-2022:1739) Moderate: Red Hat OpenShift Service Mesh 2.1.2.1 containers security update
2022-05-05 18:01:19
(RHSA-2022:6835) Important: Service Registry (container images) release and security update [2.3.0.GA]
2022-10-06 12:24:42
ubuntu
ubuntu
Moment.js vulnerabilities
2022-08-10 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: python-notebook-6.4.11-3.fc36
2022-07-23 02:01:31
[SECURITY] Fedora 35 Update: python-notebook-6.4.0-4.fc35
2022-07-23 02:28:37
mageia
mageia
Updated jupyter-notebook packages fix security vulnerabilities
2024-03-16 04:42:48
suse
suse
Security update for nodejs8 (moderate)
2022-05-17 00:00:00
Security update for nodejs12 (important)
2022-04-28 00:00:00
Security update for postgresql-jdbc (moderate)
2022-08-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-02-07 06:12:52
Prototype Pollution
2021-09-02 03:12:44
Prototype Pollution
2021-01-20 09:04:36
nodejs
nodejs
Prototype Pollution
2021-02-19 18:18:20
Prototype pollution in chart.js
2021-05-10 18:51:27
debiancve
debiancve
CVE-2020-7746
2020-10-29 08:15:00
CVE-2022-24771
2022-03-18 14:15:00
CVE-2022-26520
2022-03-10 17:47:00
ubuntucve
ubuntucve
CVE-2022-24771
2022-03-18 00:00:00
CVE-2020-7746
2020-10-29 00:00:00
CVE-2022-26520
2022-03-10 00:00:00
f5
f5
K69124112 : PostgreSQL JDBC vulnerability CVE-2022-21724
2022-04-29 00:00:00
cnvd
cnvd
Apache ActiveMQ Resource Management Error Vulnerability (CNVD-2022-14699)
2022-02-21 00:00:00
Oracle MySQL Connectors Input Validation Error Vulnerability (CNVD-2022-15473)
2022-01-26 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-21363 affecting package mysql 8.0.27-2
2022-02-08 03:14:35
CVE-2022-21363 affecting package mysql 8.0.24-1
2022-04-09 06:53:03
wolfi
wolfi
CVE-2022-21724 vulnerabilities
2024-04-25 03:15:35
cgr
cgr
CVE-2022-21724 vulnerabilities
2024-04-25 03:20:40
githubexploit
githubexploit
Exploit for Prototype Pollution in Substack Minimist
2023-10-02 15:20:35

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.018 Low

EPSS

Percentile

88.0%

JSON
Related for RHSA-2022:6813
ibm34prion10redhatcve9cve11alpinelinux3osv24github9atlassian5nessus20qualysblog1openvas20debian3redhat7ubuntu1fedora2mageia1suse5veracode11nodejs2debiancve6ubuntucve7f51cnvd2cbl_mariner2wolfi1cgr1githubexploit1