Redhat

Decision Manager

21 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-1932

  • EPSS 0.23%
  • Published 07.11.2024 10:15:04
  • Last modified 24.06.2025 13:07:42

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an inva...

7.5

CVE-2023-44487

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

8.1

CVE-2023-4853

Exploit
  • EPSS 0.35%
  • Published 20.09.2023 10:15:14
  • Last modified 21.11.2024 08:36:06

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security ...

7.5

CVE-2023-1108

  • EPSS 2.56%
  • Published 14.09.2023 15:15:08
  • Last modified 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

8.8

CVE-2022-1415

  • EPSS 0.63%
  • Published 11.09.2023 21:15:41
  • Last modified 21.11.2024 06:40:41

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution...

8.8

CVE-2019-14841

  • EPSS 0.17%
  • Published 17.10.2022 16:15:15
  • Last modified 13.05.2025 21:15:58

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.

7.5

CVE-2019-14840

Exploit
  • EPSS 0.16%
  • Published 17.10.2022 16:15:14
  • Last modified 13.05.2025 21:15:58

A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials.

7.5

CVE-2020-1748

  • EPSS 0.31%
  • Published 16.09.2020 16:15:14
  • Last modified 21.11.2024 05:11:18

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to informat...

6.5

CVE-2019-14900

  • EPSS 1.22%
  • Published 06.07.2020 19:15:12
  • Last modified 21.11.2024 04:27:38

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. Th...

8.8

CVE-2020-1714

  • EPSS 2.15%
  • Published 13.05.2020 19:15:11
  • Last modified 21.11.2024 05:11:13

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privi...