CVE-2025-9784
- EPSS 0.22%
- Published 02.09.2025 13:37:59
- Last modified 24.09.2025 14:15:52
A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload b...
CVE-2024-7885
- EPSS 6.4%
- Published 21.08.2024 14:15:09
- Last modified 25.09.2025 08:15:36
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection....
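The buffer-reuse pattern in that description, as an added Python model (this is not Undertow's code and does not reproduce its exact code path): a PROXY protocol v1 reader whose accumulation buffer lives for the whole connection, so the second header on the connection is parsed out of the stale bytes left by the first, beside a reader that scopes the buffer to one header. The two header lines are constructed, not captured traffic.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed PROXY protocol v1 header lines for two consecutive requests
# on one connection; these are not captured traffic.
HEADER_A = "PROXY TCP4 203.0.113.10 198.51.100.5 41234 443\r\n"
HEADER_B = "PROXY TCP4 192.0.2.77 198.51.100.5 55555 443\r\n"

# PROXY <INET_PROTO> <src addr> <dst addr> <src port> <dst port>\r\n
_V1_LINE = re.compile(r"\APROXY (TCP4|TCP6) (\S+) (\S+) (\d{1,5}) (\d{1,5})\r\n\Z")
_V1_MAX_LEN = 107  # longest legal v1 header line, CRLF included


@dataclass(frozen=True)
class ProxyInfo:
    family: str
    src: str
    dst: str
    sport: int
    dport: int


def parse_v1(line: str) -> ProxyInfo:
    """Parse exactly one complete PROXY v1 header line; reject anything else."""
    if len(line) > _V1_MAX_LEN:
        raise ValueError("PROXY v1 header too long")
    m = _V1_LINE.match(line)
    if m is None:
        raise ValueError(f"malformed PROXY v1 header: {line!r}")
    family, src, dst, sport, dport = m.groups()
    if not (0 < int(sport) < 65536 and 0 < int(dport) < 65536):
        raise ValueError("port out of range")
    return ProxyInfo(family, src, dst, int(sport), int(dport))


class LeakyReader:
    """Bug pattern: one accumulation buffer for the lifetime of the connection
    (the stand-in for a StringBuilder that is never replaced). Whatever the
    previous header left behind is still there when the next one arrives."""

    def __init__(self) -> None:
        self._sb: list[str] = []

    def feed(self, data: str) -> Optional[ProxyInfo]:
        for ch in data:
            self._sb.append(ch)
            if ch == "\n" and len(self._sb) >= 2 and self._sb[-2] == "\r":
                text = "".join(self._sb)
                # Parsing starts at the head of the buffer, so on the second
                # request this is still the FIRST request's header line.
                first_line = text[: text.index("\r\n") + 2]
                return parse_v1(first_line)
        return None


class PerRequestReader:
    """Fix: the buffer is scoped to one header. It is handed off and replaced
    when a line completes, and discarded if the line is oversized, so no
    state survives into the next request. (Bytes after the CRLF, if any,
    belong to the next protocol stage and are not modelled here.)"""

    def __init__(self) -> None:
        self._sb: list[str] = []

    def feed(self, data: str) -> Optional[ProxyInfo]:
        for ch in data:
            self._sb.append(ch)
            if len(self._sb) > _V1_MAX_LEN:
                self._sb = []  # drop the junk before reporting the error
                raise ValueError("PROXY v1 header too long")
            if ch == "\n" and len(self._sb) >= 2 and self._sb[-2] == "\r":
                line, self._sb = "".join(self._sb), []  # fresh buffer for the next header
                return parse_v1(line)
        return None


def source_addresses(reader_cls) -> list[str]:
    """Feed both headers through one reader and report the source address
    the server would attribute to each request."""
    reader = reader_cls()
    return [reader.feed(HEADER_A).src, reader.feed(HEADER_B).src]


if __name__ == "__main__":
    print("leaky      :", source_addresses(LeakyReader))       # request B is attributed request A's address
    print("per-request:", source_addresses(PerRequestReader))
```

With the leaky reader the second request on the connection reports the first client's source address; that is the shape of the cross-request reuse the entry describes, and the same stale bytes can just as easily make the second parse fail outright. The fix is structural, not a validation tweak: nothing about the buffer outlives the header it belongs to.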
CVE-2023-44487
- EPSS 94.44%
- Published 10.10.2023 14:15:10
- Last modified 11.06.2025 17:29:54
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
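Why the two HTTP/2 entries above (CVE-2025-9784 and CVE-2023-44487) are different bugs, as an added Python model that is neither Undertow's code nor any vendor's mitigation: a per-connection guard that counts only client-sent RST_STREAM frames stops a Rapid Reset flood but is blind to a client that provokes the server into resetting streams itself, which is the MadeYouReset pattern. The frame traces and the reset budget are constructed; the malformed frame used here is a WINDOW_UPDATE with a zero increment, which RFC 9113 section 6.9 requires the server to answer with a stream-level RST_STREAM(PROTOCOL_ERROR).

```python
from dataclasses import dataclass
from typing import Iterable

RESET_LIMIT = 100  # assumed per-connection reset budget before GOAWAY; not a real product setting


@dataclass(frozen=True)
class Frame:
    stream_id: int
    kind: str            # "HEADERS", "RST_STREAM" or "WINDOW_UPDATE"
    increment: int = 1   # flow-control increment, only meaningful for WINDOW_UPDATE


@dataclass
class ConnectionStats:
    work_started: int = 0    # request handlers the server dispatched
    client_resets: int = 0   # RST_STREAM frames sent by the client
    server_resets: int = 0   # RST_STREAM frames the server had to send (stream errors)
    closed: bool = False     # connection torn down with GOAWAY


def serve(frames: Iterable[Frame], count_server_resets: bool,
          limit: int = RESET_LIMIT) -> ConnectionStats:
    """Process one connection's frames with an abuse counter that either
    counts only client resets (the narrow mitigation) or every reset."""
    stats = ConnectionStats()
    open_streams: set[int] = set()
    for f in frames:
        if stats.closed:
            break  # nothing after GOAWAY is processed
        if f.kind == "HEADERS":
            open_streams.add(f.stream_id)
            stats.work_started += 1  # the expensive part: a request is dispatched
        elif f.kind == "RST_STREAM" and f.stream_id in open_streams:
            open_streams.discard(f.stream_id)
            stats.client_resets += 1
        elif f.kind == "WINDOW_UPDATE" and f.stream_id in open_streams and f.increment == 0:
            # RFC 9113 s6.9: a zero increment on a stream is a stream error of
            # type PROTOCOL_ERROR, so it is the SERVER that sends RST_STREAM.
            open_streams.discard(f.stream_id)
            stats.server_resets += 1
        counted = stats.client_resets + (stats.server_resets if count_server_resets else 0)
        if counted > limit:
            stats.closed = True  # GOAWAY(ENHANCE_YOUR_CALM)
    return stats


def rapid_reset_trace(n: int) -> list[Frame]:
    """Constructed Rapid Reset flood: open a stream, cancel it, repeat."""
    frames: list[Frame] = []
    for i in range(n):
        sid = 2 * i + 1  # client-initiated streams use odd identifiers
        frames += [Frame(sid, "HEADERS"), Frame(sid, "RST_STREAM")]
    return frames


def made_you_reset_trace(n: int) -> list[Frame]:
    """Constructed MadeYouReset flood: open a stream, then send a malformed
    frame so the server resets it; the client never sends RST_STREAM."""
    frames: list[Frame] = []
    for i in range(n):
        sid = 2 * i + 1
        frames += [Frame(sid, "HEADERS"), Frame(sid, "WINDOW_UPDATE", increment=0)]
    return frames


if __name__ == "__main__":
    traces = (("rapid reset", rapid_reset_trace(1000)), ("made you reset", made_you_reset_trace(1000)))
    for name, trace in traces:
        for mode in (False, True):
            s = serve(trace, count_server_resets=mode)
            print(f"{name:15} count_server_resets={mode!s:5} -> "
                  f"work_started={s.work_started:5} closed={s.closed}")
```

The counter that only looks at client RST_STREAM frames cuts a Rapid Reset flood off after the budget is spent, but lets every one of the thousand MadeYouReset streams dispatch a handler: from the server's point of view the work is identical in both cases, so the thing to count is streams that ended without a response, whoever sent the reset.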
CVE-2023-1108
- EPSS 2.56%
- Published 14.09.2023 15:15:08
- Last modified 21.11.2024 07:38:28
A flaw was found in Undertow. An unexpected handshake status update in SslConduit causes a loop that never terminates, making a denial of service possible.
CVE-2022-1415
- EPSS 0.63%
- Published 11.09.2023 21:15:41
- Last modified 21.11.2024 06:40:41
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution...
CVE-2019-14841
- EPSS 0.17%
- Published 17.10.2022 16:15:15
- Last modified 13.05.2025 21:15:58
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.
CVE-2021-4178
- EPSS 0.08%
- Published 24.08.2022 16:15:09
- Last modified 21.11.2024 06:37:04
An arbitrary code execution flaw was found in the Fabric8 Kubernetes client, affecting versions 5.0.0-beta-1 and above. Due to improperly configured YAML parsing, a local, privileged attacker can supply malicious YAML.
CVE-2019-14839
- EPSS 0.27%
- Published 01.04.2022 23:15:08
- Last modified 21.11.2024 04:27:28
While logging into the Business Central console, the HTTP request discloses sensitive information such as the username and password when intercepted with a tool such as Burp Suite.
CVE-2022-0853
- EPSS 1.7%
- Published 11.03.2022 18:15:25
- Last modified 21.11.2024 06:39:31
A flaw was found in the JBoss client. A memory leak on the JBoss client side, when UserTransaction is used repeatedly, leads to an information leakage vulnerability.
CVE-2021-4104
- EPSS 72.2%
- Published 14.12.2021 12:15:12
- Last modified 21.11.2024 06:36:54
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppen...
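A check a practitioner would want for that entry, as an added Python example that is not Log4j code: a scanner that reads a Log4j 1.2 configuration, in either the properties or the XML form, and reports every appender of class org.apache.log4j.net.JMSAppender together with the two JNDI binding names the entry names. The configuration text is constructed; the property keys follow Log4j 1.2's `log4j.appender.<name>[.<setter>]` convention and the XML form uses its `<appender class=...><param name=... value=.../>` elements.

```python
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

JMS_APPENDER = "org.apache.log4j.net.JMSAppender"
# JMSAppender setters whose values are resolved through JNDI at appender activation.
JNDI_PROPERTIES = ("TopicBindingName", "TopicConnectionFactoryBindingName")

# Constructed Log4j 1.2 configurations; not taken from a real deployment.
PROPERTIES_CONFIG = """\
# constructed sample
log4j.rootLogger=INFO, console, jms
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.console.layout=org.apache.log4j.PatternLayout
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.TopicBindingName=jms/LogTopic
log4j.appender.jms.TopicConnectionFactoryBindingName=jms/ConnectionFactory
"""

XML_CONFIG = """\
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="jms" class="org.apache.log4j.net.JMSAppender">
    <param name="TopicBindingName" value="jms/LogTopic"/>
    <param name="TopicConnectionFactoryBindingName" value="jms/ConnectionFactory"/>
  </appender>
  <appender name="console" class="org.apache.log4j.ConsoleAppender"/>
  <root><level value="info"/><appender-ref ref="jms"/></root>
</log4j:configuration>
"""


@dataclass
class Finding:
    source: str
    appender: str
    jndi_names: dict = field(default_factory=dict)  # setter -> configured JNDI name


# log4j.appender.<name>=<class>  or  log4j.appender.<name>.<setter>=<value>
_PROP_LINE = re.compile(r"^\s*log4j\.appender\.([^.\s=]+)(?:\.([^\s=]+))?\s*=\s*(.*?)\s*$")


def scan_properties(text: str, source: str = "log4j.properties") -> list[Finding]:
    """Return one Finding per JMSAppender declared in a properties-style config."""
    classes: dict[str, str] = {}
    props: dict[str, dict[str, str]] = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("#", "!")):
            continue  # blank line or properties-file comment
        m = _PROP_LINE.match(line)
        if m is None:
            continue  # not an appender key (e.g. log4j.rootLogger)
        name, setter, value = m.groups()
        if setter is None:
            classes[name] = value
        else:
            props.setdefault(name, {})[setter] = value
    return [
        Finding(source, name, {k: v for k, v in props.get(name, {}).items() if k in JNDI_PROPERTIES})
        for name, cls in classes.items()
        if cls == JMS_APPENDER
    ]


def scan_xml(text: str, source: str = "log4j.xml") -> list[Finding]:
    """Return one Finding per JMSAppender declared in an XML-style config."""
    root = ET.fromstring(text)
    findings = []
    for app in root.iter("appender"):  # appender elements carry no namespace
        if app.get("class") != JMS_APPENDER:
            continue
        names = {p.get("name"): p.get("value")
                 for p in app.findall("param") if p.get("name") in JNDI_PROPERTIES}
        findings.append(Finding(source, app.get("name", "?"), names))
    return findings


if __name__ == "__main__":
    for f in scan_properties(PROPERTIES_CONFIG) + scan_xml(XML_CONFIG):
        print(f"{f.source}: appender '{f.appender}' is {JMS_APPENDER}; JNDI lookups: {f.jndi_names}")
```

The entry's precondition is write access to the configuration, so the scanner does not tell you whether an attacker can reach the file; it tells you whether a writable file would have a JMSAppender to aim at. A hit with no configured binding names still matters, because the setter keys are exactly what a writer would add.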