Redhat

Decision Manager

21 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2023-1932

  • EPSS 0.23%
  • Veröffentlicht 07.11.2024 10:15:04
  • Zuletzt bearbeitet 24.06.2025 13:07:42

A flaw was found in hibernate-validator's 'isValid' method in the org.hibernate.validator.internal.constraintvalidators.hv.SafeHtmlValidator class, which can be bypassed by omitting the tag ending in a less-than character. Browsers may render an inva...

7.5

CVE-2023-44487

Warnung Medienbericht Exploit
  • EPSS 94.44%
  • Veröffentlicht 10.10.2023 14:15:10
  • Zuletzt bearbeitet 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

8.1

CVE-2023-4853

Exploit
  • EPSS 0.35%
  • Veröffentlicht 20.09.2023 10:15:14
  • Zuletzt bearbeitet 21.11.2024 08:36:06

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security ...

7.5

CVE-2023-1108

  • EPSS 2.56%
  • Veröffentlicht 14.09.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

8.8

CVE-2022-1415

  • EPSS 0.63%
  • Veröffentlicht 11.09.2023 21:15:41
  • Zuletzt bearbeitet 21.11.2024 06:40:41

A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution...

8.8

CVE-2019-14841

  • EPSS 0.17%
  • Veröffentlicht 17.10.2022 16:15:15
  • Zuletzt bearbeitet 13.05.2025 21:15:58

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.

7.5

CVE-2019-14840

Exploit
  • EPSS 0.16%
  • Veröffentlicht 17.10.2022 16:15:14
  • Zuletzt bearbeitet 13.05.2025 21:15:58

A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials.

7.5

CVE-2020-1748

  • EPSS 0.31%
  • Veröffentlicht 16.09.2020 16:15:14
  • Zuletzt bearbeitet 21.11.2024 05:11:18

A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to informat...

6.5

CVE-2019-14900

  • EPSS 1.22%
  • Veröffentlicht 06.07.2020 19:15:12
  • Zuletzt bearbeitet 21.11.2024 04:27:38

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. Th...

8.8

CVE-2020-1714

  • EPSS 2.15%
  • Veröffentlicht 13.05.2020 19:15:11
  • Zuletzt bearbeitet 21.11.2024 05:11:13

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privi...