Red Hat Process Automation Manager

5 matches found

CVE
added 2022/08/09 8:15 p.m., 2258 views

CVE-2022-2458

CVE-2022-2458 is an XML External Entity (XXE) vulnerability affecting IBM Business Automation Manager/Open Editions (Business Central) and Kie-Server APIs. The weakness arises from processing XML input with external entities due to a weakly configured XML parser, enabling an attacker to cause Ext...

8.2 CVSS, 8.1 AI score, 0.00669 EPSS

CVE
added 2023/09/20 9:47 a.m., 230 views

CVE-2023-4853

CVE-2023-4853 affects Quarkus, where HTTP security policy sanitization fails for certain character permutations in requests. The root cause is improper sanitization, allowing bypass of the security policy and potentially granting unauthorized access to endpoints and causing denial of service. The...

8.1 CVSS, 7.6 AI score, 0.01215 EPSS

CVE
added 2020/03/05 12:0 a.m., 107 views

CVE-2019-14886

CVE-2019-14886 affects Red Hat Decision Manager/Process Automation Manager (business-central) shipped in rhdm-7.5.1 and rhpam-7.5.1. Root cause: passwords are stored in errai_security_context encoded with Base64 (not encrypted). Impact: potential exposure of user passwords if recovered. P...

6.5 CVSS, 6.3 AI score, 0.00291 EPSS

CVE
added 2022/08/09 8:15 p.m., 70 views

CVE-2022-2457

CVE-2022-2457 affects Red Hat Process Automation Manager 7, where the Administration Console is vulnerable to brute-force login attempts due to no limit on failed logins. NVD/V3.1 reports a CRITICAL base score (CVSS:3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Multiple connected documents corrobora...

9.8 CVSS, 9.3 AI score, 0.00511 EPSS

CVE
added 2026/04/08 1:55 p.m., 13 views

CVE-2025-58713

Red Hat Process Automation Manager images are affected by CVE-2025-58713 due to /etc/passwd being created with group-writable permissions during build. An attacker who can execute commands in the affected container (even as non-root) could leverage their root-group membership to modify /etc/passw...

6.4 CVSS, 6.1 AI score, 0.00145 EPSS