Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
decision manager vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2019-14886
A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lea...
Redhat Decision Manager 7.5.1
Redhat Process Automation Manager 7.5.1
NA
CVE-2019-14841
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an malicious user to gain admin privileges in the Business Central Console.
Redhat Decision Manager 7.0
Redhat Process Automation 7.0
383
VMScore
CVE-2019-14863
There is a vulnerability in all angular versions prior to 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Angularjs Angular.js
Redhat Decision Manager 7.0
Redhat Process Automation 7.0
445
VMScore
CVE-2020-1748
A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticate...
Redhat Wildfly Elytron
Redhat Decision Manager 7.0
Redhat Process Automation 7.0
312
VMScore
CVE-2020-1720
A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading t...
Postgresql Postgresql
Redhat Decision Manager 7.0
Redhat Enterprise Linux 8.0
Redhat Software Collections -
NA
CVE-2022-1415
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated malicious user to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
Redhat Decision Manager 7.0
Redhat Process Automation 7.0
Redhat Jboss Middleware Text-only Advisories -
Redhat Drools 7.69.0
1 Github repository
578
VMScore
CVE-2020-1714
A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an malicious user to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potent...
Redhat Keycloak
Redhat Decision Manager 7.0
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Process Automation 7.0
Redhat Single Sign-on 7.0
Quarkus Quarkus
383
VMScore
CVE-2019-14862
There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
Knockoutjs Knockout
Redhat Decision Manager 7.0
Redhat Process Automation 7.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Goldengate 12.3.0.1.2
455
VMScore
CVE-2018-12022
An issue exists in FasterXML jackson-databind before 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provi...
Fasterxml Jackson-databind
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Retail Merchandising System 15.0
Redhat Openshift Container Platform 3.11
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on 7.3
Redhat Jboss Brms 6.4.10
Redhat Automation Manager 7.3.1
Redhat Decision Manager 7.3.1
454
VMScore
CVE-2018-12023
An issue exists in FasterXML jackson-databind before 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possi...
Fasterxml Jackson-databind
Debian Debian Linux 9.0
Fedoraproject Fedora 29
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Retail Merchandising System 15.0
Redhat Openshift Container Platform 3.11
Redhat Jboss Enterprise Application Platform 7.2.0
Redhat Single Sign-on 7.3
Redhat Jboss Brms 6.4.10
Redhat Automation Manager 7.3.1
Redhat Decision Manager 7.3.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304
CVE-2024-4240
arbitrary
CVE-2024-31601
XSS
CVE-2023-20198
CVE-2024-4256
CVE-2024-3342
encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »