Process Automation Security Vulnerabilities and Issues — Process Automation CVE List

Lucene search

RedhatProcess Automation

10 matches found

CVE•added 2023/10/10 2:15 p.m.•4450 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.94375EPSS

CVE•added 2023/09/14 3:15 p.m.•2607 views

CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5CVSS7.3AI score0.01068EPSS

CVE•added 2021/12/14 12:15 p.m.•1094 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.94358EPSS

CVE•added 2024/08/21 2:15 p.m.•181 views

CVE-2024-7885

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the sa...

7.5CVSS7.4AI score0.07846EPSS

CVE•added 2021/03/16 9:15 p.m.•166 views

CVE-2021-20218

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and s...

7.4CVSS7.2AI score0.00594EPSS

CVE•added 2020/09/23 1:15 p.m.•146 views

CVE-2020-10714

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as syste...

7.5CVSS7.3AI score0.00366EPSS

CVE•added 2020/09/16 4:15 p.m.•143 views

CVE-2020-1748

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure ...

7.5CVSS7.2AI score0.0031EPSS

CVE•added 2022/03/11 6:15 p.m.•127 views

CVE-2022-0853

A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.

7.5CVSS7.1AI score0.01364EPSS

CVE•added 2020/01/02 3:15 p.m.•118 views

CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

7.1CVSS6.1AI score0.00211EPSS

CVE•added 2022/04/01 11:15 p.m.•56 views

CVE-2019-14839

It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc.

7.5CVSS7.5AI score0.0027EPSS