Product:

Process_automation

(Redhat)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 18
Date Id Summary Products Score Patch Annotated
2020-03-02 CVE-2019-14892 A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. Geode, Jackson\-Databind, Decision_manager, Jboss_data_grid, Jboss_enterprise_application_platform, Jboss_fuse, Openshift_container_platform, Process_automation 9.8
2020-09-23 CVE-2020-10714 A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Oncommand_insight, Codeready_studio, Descision_manager, Jboss_fuse, Process_automation, Wildfly_elytron 7.5
2020-01-02 CVE-2019-14862 There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. Knockout, Business_intelligence, Goldengate, Decision_manager, Process_automation 6.1
2022-04-01 CVE-2019-14839 It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. Business\-Central, Descision_manager, Process_automation 7.5
2020-01-02 CVE-2019-14863 There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. Angular\.js, Decision_manager, Process_automation N/A