Redhat Process_automation
24 CVEs affecting Redhat Process_automation. Latest disclosed: 2026-03-27. Critical: 2, High: 16.

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-14892 | Critical | 9.8 | 2020-03-02 | A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious obj… |
| CVE-2025-12543 | Critical | 9.6 | 2026-01-07 | A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly val… |
| CVE-2019-14841 | High | 8.8 | 2022-10-17 | A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin… |
| CVE-2020-1714 | High | 8.8 | 2020-05-13 | A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker… |
| CVE-2026-28369 | High | 8.7 | 2026-03-27 | A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it incorrectly processes the r… |
| CVE-2026-28368 | High | 8.7 | 2026-03-27 | A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are parsed differently by… |
| CVE-2026-28367 | High | 8.7 | 2026-03-27 | A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can be used for request s… |
| CVE-2022-1415 | High | 8.1 | 2023-09-11 | A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to… |
| CVE-2025-9784 | High | 7.5 | 2025-09-02 | A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to a… |
| CVE-2024-7885 | High | 7.5 | 2024-08-21 | A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs wh… |
| CVE-2023-44487 | High | 7.5 | 2023-10-10 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the w… |
| CVE-2023-1108 | High | 7.5 | 2023-09-14 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the lo… |
| CVE-2019-14839 | High | 7.5 | 2022-04-01 | It was observed that while logging in to the Business-central console, the HTTP request discloses sensitive information like username and password when intercepted using… |
| CVE-2022-0853 | High | 7.5 | 2022-03-11 | A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to in… |
| CVE-2021-4104 | High | 7.5 | 2021-12-14 | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can pro… |
| CVE-2020-10714 | High | 7.5 | 2020-09-23 | A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker c… |
| CVE-2020-1748 | High | 7.5 | 2020-09-16 | A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using cu… |
| CVE-2021-20218 | High | 7.4 | 2021-03-16 | A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric… |
| CVE-2021-4178 | Medium | 6.7 | 2022-08-24 | An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML par… |
| CVE-2019-14863 | Medium | 6.1 | 2020-01-02 | There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers dat… |