CVE-2022-2458
CVE-2022-2458 is an XML External Entity (XXE) vulnerability affecting IBM Business Automation Manager/Open Editions (Business Central) and Kie-Server APIs. The weakness arises from processing XML input with external entities due to a weakly configured XML parser, enabling an attacker to cause Ext...
CVE-2023-4853
CVE-2023-4853 affects Quarkus, where HTTP security policy sanitization fails for certain character permutations in requests. The root cause is improper sanitization, allowing bypass of the security policy and potentially granting unauthorized access to endpoints and causing denial of service. The...
CVE-2019-14886
CVE-2019-14886 affects Red Hat Decision Manager/Process Automation Manager (business-central) shipped in rhdm-7.5.1 and rhpam-7.5.1. Root cause: passwords are stored in errai_security_context encoded with Base64 (not encrypted). Impact: potential exposure of user passwords if recovered. P...
CVE-2022-2457
CVE-2022-2457 affects Red Hat Process Automation Manager 7, where the Administration Console is vulnerable to brute-force login attempts due to no limit on failed logins. NVD/V3.1 reports a CRITICAL base score (CVSS:3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Multiple connected documents corrobora...
CVE-2025-58713
Red Hat Process Automation Manager images are affected by CVE-2025-58713 due to /etc/passwd being created with group-writable permissions during build. An attacker who can execute commands in the affected container (even as non-root) could leverage their root-group membership to modify /etc/passw...