Process Automation Security Vulnerabilities and Issues — Process Automation CVE List

Lucene search

RedhatProcess Automation

11 matches found

CVE•added 2023/10/10 2:15 p.m.•4732 views

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

7.5CVSS8AI score0.9449EPSS

In wildWeb

CVE•added 2023/09/14 3:15 p.m.•2632 views

CVE-2023-1108

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

7.5CVSS7.3AI score0.0481EPSS

CVE•added 2021/12/14 12:15 p.m.•1180 views

CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remot...

7.5CVSS9.4AI score0.9447EPSS

In wild

CVE•added 2021/03/16 9:15 p.m.•208 views

CVE-2021-20218

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client copy command to extract files outside the working path. The highest threat from this vulnerability is to integrity and s...

7.4CVSS7.2AI score0.00594EPSS

CVE•added 2024/08/21 2:15 p.m.•197 views

CVE-2024-7885

A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the sa...

7.5CVSS7.4AI score0.28035EPSS

CVE•added 2020/09/23 1:15 p.m.•158 views

CVE-2020-10714

A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as syste...

7.5CVSS7.3AI score0.00366EPSS

CVE•added 2020/09/16 4:15 p.m.•153 views

CVE-2020-1748

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure ...

7.5CVSS7.2AI score0.0031EPSS

CVE•added 2022/03/11 6:15 p.m.•146 views

CVE-2022-0853

A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.

7.5CVSS7.1AI score0.017EPSS

CVE•added 2020/01/02 3:15 p.m.•124 views

CVE-2019-14863

There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.

7.1CVSS6.1AI score0.00224EPSS

CVE•added 2022/04/01 11:15 p.m.•57 views

CVE-2019-14839

It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc.

7.5CVSS7.5AI score0.0027EPSS

CVE•added 2025/09/02 2:15 p.m.•20 views

CVE-2025-9784

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. W...

7.5CVSS5.9AI score0.00249EPSS