Redhat Decision_manager
20 CVEs affecting Redhat Decision_manager. Latest disclosed: 2023-10-10. Critical: 4, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-14892 | Critical | 9.8 | 2020-03-02 | A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious obj… |
| CVE-2018-19362 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from po… |
| CVE-2018-19361 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic… |
| CVE-2018-19360 | Critical | 9.8 | 2019-01-02 | FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from… |
| CVE-2019-14841 | High | 8.8 | 2022-10-17 | A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin… |
| CVE-2020-1714 | High | 8.8 | 2020-05-13 | A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker… |
| CVE-2023-4853 | High | 8.1 | 2023-09-20 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in inco… |
| CVE-2022-1415 | High | 8.1 | 2023-09-11 | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to… |
| CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
| CVE-2023-1108 | High | 7.5 | 2023-09-14 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the lo… |
| CVE-2019-14840 | High | 7.5 | 2022-10-17 | A flaw was found in the RHDM, where sensitive HTML form fields like Password have auto-complete enabled, which may lead to a leak of credentials. |
| CVE-2020-1748 | High | 7.5 | 2020-09-16 | A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using cu… |
| CVE-2018-12023 | High | 7.5 | 2019-03-21 | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific… |
| CVE-2018-12022 | High | 7.5 | 2019-03-21 | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific… |
| CVE-2019-14900 | Medium | 6.5 | 2020-07-06 | A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit u… |
| CVE-2019-14886 | Medium | 6.5 | 2020-03-05 | A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The enco… |
| CVE-2017-7545 | Medium | 6.5 | 2018-07-26 | It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files. A remote attacker co… |
| CVE-2019-14863 | Medium | 6.1 | 2020-01-02 | There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers dat… |
| CVE-2019-14862 | Medium | 6.1 | 2020-01-02 | There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to i… |
| CVE-2020-1720 | Low | 3.1 | 2020-03-17 | A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use… |