Lucene search
+L
RedhatDecision Manager

20 matches found

CVE
CVE
added 2023/10/10 12:0 a.m.5330 views

CVE-2023-44487

CVE-2023-44487 – HTTP/2 Rapid Reset DoS Root cause: HTTP/2 stream resets can cause servers to continue processing, leading to unbounded resource consumption and potential DoS when clients rapidly cancel streams. What’s affected: Various HTTP/2 implementations and deployments, including servers, p...

7.5CVSS8AI score0.99999EPSS
In wild
CVE
CVE
added 2023/09/14 2:48 p.m.2771 views

CVE-2023-1108

CVE-2023-1108 affects Undertow within Red Hat JBoss EAP 7.3.x (SSLConduit) where an infinite loop on close can cause DoS. Connected RHSA-2025-9583 confirms the issue and indicates a fix in the eap-7.3.z line (Patched Undertow). Remediation is to upgrade to the patched EAP 7.3.x release (eap-7.3.z...

7.5CVSS7.3AI score0.01771EPSS
CVE
CVE
added 2020/03/17 3:28 p.m.487 views

CVE-2020-1720

CVE-2020-1720 discusses a PostgreSQL flaw in ALTER ... DEPENDS ON EXTENSION where sub-commands did not perform authorization checks. An authenticated attacker could, in certain configurations, drop objects (functions, triggers, etc.) causing database corruption. Affected versions are PostgreSQL p...

6.5CVSS6.5AI score0.01183EPSS
CVE
CVE
added 2019/01/02 6:0 p.m.448 views

CVE-2018-19361

CVE-2018-19361 is listed in the IBM Cloudera Observability bulletin as affecting Cloudera Observability on Premises 3.5.3, with remediation in 3.6.2. Description from the bulletin notes that FasterXML jackson-databind 2.x before 2.9.8 allows polymorphic deserialization via the openjpa class, yiel...

9.8CVSS8.8AI score0.10599EPSS
CVE
CVE
added 2019/01/02 6:0 p.m.410 views

CVE-2018-19360

CVE-2018-19360 affects FasterXML jackson-databind 2.x before 2.9.8, where failure to block the axis2-transport-jms class enables polymorphic deserialization with unspecified impact. IBM/Cloudera docs corroborate related deserialization flaws across jackson-databind versions and list remediation a...

9.8CVSS8.8AI score0.10599EPSS
CVE
CVE
added 2019/03/17 5:57 p.m.391 views

CVE-2018-12023

The CVE-2018-12023 issue affects FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (globally or per-property) and the Oracle JDBC jar is in the classpath with an LDAP service accessible to an attacker, the service could be coerced into executing a ma...

7.5CVSS8.4AI score0.08944EPSS
CVE
CVE
added 2020/07/06 6:35 p.m.301 views

CVE-2019-14900

CVE-2019-14900 affects Hibernate ORM prior to 5.3.18, 5.4.18, and 5.5.0.Beta1. The flaw is a SQL injection in the JPA Criteria API implementation that can permit unsanitized literals in the SELECT or GROUP BY clauses, enabling an attacker to access unauthorized information. The connected document...

6.5CVSS6.7AI score0.02126EPSS
CVE
CVE
added 2020/03/02 4:28 p.m.249 views

CVE-2019-14892

CVE-2019-14892 — In jackson-databind, polymorphic deserialization can be exploited via JNDI gadgets (commons-configuration 1/2) to achieve remote code execution. Affected: jackson-databind versions before 2.9.10, 2.8.11.5, and 2.6.7.3. Remediation: upgrade to a fixed jackson-databind release (e.g...

9.8CVSS9.4AI score0.05485EPSS
CVE
CVE
added 2023/09/20 9:47 a.m.233 views

CVE-2023-4853

CVE-2023-4853 affects Quarkus, where HTTP security policy sanitization fails for certain character permutations in requests. The root cause is improper sanitization, allowing bypass of the security policy and potentially granting unauthorized access to endpoints and causing denial of service. The...

8.1CVSS7.6AI score0.01215EPSS
CVE
CVE
added 2023/09/11 8:20 p.m.229 views

CVE-2022-1415

CVE-2022-1415 corresponds to Drools core deserialization vulnerability. Affected component: KIE Drools (Drools core) where improper safeguards during data deserialization allow an authenticated attacker to craft serialized objects (gadgets) and execute arbitrary code on the server. Documented imp...

8.8CVSS8.3AI score0.01044EPSS
CVE
CVE
added 2019/01/02 6:0 p.m.213 views

CVE-2018-19362

CVE-2018-19362: A vulnerability in Jackson Databind (FasterXML) affects 2.x prior to 2.9.8, due to failure to block the jboss-common-core class in polymorphic deserialization. The IBM doc lists an unknown impact/attack vector with a base score of 5.3 and notes the issue as an unspecified deserial...

9.8CVSS8.8AI score0.10599EPSS
CVE
CVE
added 2020/05/13 6:25 p.m.196 views

CVE-2020-1714

Keycloak before 11.0.0 contains usages of ObjectInputStream without type checks, allowing deserialization of arbitrary Java objects in a privileged context and potentially enabling remote code execution (CVE-2020-1714). References associate this CVE with Red Hat advisories noting Keycloak as the ...

8.8CVSS8.5AI score0.02604EPSS
CVE
CVE
added 2020/01/02 2:18 p.m.189 views

CVE-2019-14862

Knockout.js vulnerability (CVE-2019-14862). Affected: Knockout.js

6.1CVSS6.2AI score0.0206EPSS
CVE
CVE
added 2020/01/02 2:20 p.m.180 views

CVE-2019-14863

CVE-2019-14863 affects AngularJS: all versions before 1.5.0-beta.0 are vulnerable to cross-site scripting due to unvalidated data delivered with trusted dynamic content after escaping context. The CVE is referenced in multiple sources (e.g., Ubuntu USN-7958-1, IBM Security Bulletins). Impact is c...

7.1CVSS6.1AI score0.01382EPSS
CVE
CVE
added 2019/03/17 6:14 p.m.176 views

CVE-2018-12022

CVE-2018-12022 affects FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (globally or for a property) and the service classpath contains the Jodd‑db jar (for Jodd DB access) with an LDAP service available, an attacker can trigger remote code executio...

7.5CVSS8.4AI score0.07348EPSS
CVE
CVE
added 2020/09/16 3:27 p.m.168 views

CVE-2020-1748

CVE-2020-1748 affects WildFly Elytron before 1.6.8.Final-redhat-00001. A flaw in the WildFlySecurityManager allows bypassing checks when using custom security managers, causing improper authorization and information exposure via unauthenticated access to secure resources. Connected advisories (GH...

7.5CVSS7.2AI score0.01438EPSS
CVE
CVE
added 2020/03/05 12:0 a.m.109 views

CVE-2019-14886

CVE-2019-14886 affects Red Hat Red Hat Decision Manager/Process Automation Manager (business-central) shipped in rhdm-7.5.1 and rhpam-7.5.1. Root cause: passwords are stored in errai_security_context encoded with Base64 (not encrypted). Impact: potential exposure of user passwords if recovered. P...

6.5CVSS6.3AI score0.00291EPSS
CVE
CVE
added 2018/07/26 3:0 p.m.93 views

CVE-2017-7545

CVE-2017-7545 affects jbpmmigration 6.5, where XmlUtils expands external parameter entities while parsing XML, enabling a remote attacker to read files accessible to the application server user and potentially conduct further XXE attacks. The GHSA and OSV entries corroborate XML External Entity R...

6.5CVSS6.3AI score0.02756EPSS
CVE
CVE
added 2022/10/17 12:0 a.m.74 views

CVE-2019-14841

CVE-2019-14841 affects Red Hat Decision Manager (RHDM) . An authenticated attacker can mutate their role in the HTTP response header, enabling escalation to admin privileges in the Business Central Console . Root cause: improper handling of role assignment in header processing within RHDM. Impact...

8.8CVSS8.6AI score0.00617EPSS
CVE
CVE
added 2022/10/17 12:0 a.m.57 views

CVE-2019-14840

The CVE-2019-14840 entry concerns Red Hat Decision Manager (RHDM). A flaw allows sensitive HTML form fields (e.g., password) to have auto-complete enabled, potentially leaking credentials. Documented impact is confidentiality loss (C:H) with no impact to integrity/availability, and CVSS v3.1 base...

7.5CVSS7.2AI score0.00675EPSS