Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
process integration vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-41271
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging System of SAP NetWeaver Process Integration (PI) - version 7.50. This user can make use of an open naming and directory API to access services that could perform unauthorized operations....
Sap Netweaver Process Integration 7.50
NA
CVE-2022-41272
An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search (UDS) of SAP NetWeaver Process Integration (PI) - version 7.50 and make use of an open naming and directory API to access services which can be used to per...
Sap Netweaver Process Integration 7.50
1 Github repository
4
CVSSv2
CVE-2020-26814
SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an malicious user to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to ...
Sap Process Integration \\(pgp Module - Business-to-business Add On\\) 1.0
3.5
CVSSv2
CVE-2015-1904
IBM Business Process Manager (BPM) 8.0.x up to and including 8.0.1.3, 8.5.0 up to and including 8.5.0.1, 8.5.5 up to and including 8.5.5.0, and 8.5.6 up to and including 8.5.6.0, when external Enterprise Content Management (ECM) integration is enabled with a certain technical sys...
Ibm Business Process Manager 8.0.0.0
Ibm Business Process Manager 8.0.1.0
Ibm Business Process Manager 8.0.1.2
Ibm Business Process Manager 8.5.0.1
Ibm Business Process Manager 8.0.1.1
Ibm Business Process Manager 8.0.1.3
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.5.5.0
Ibm Business Process Manager 8.5.6.0
NA
CVE-2023-4853
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an malicious user to bypass the security policy altogether, resul...
Quarkus Quarkus
Redhat Decision Manager 7.0
Redhat Jboss Middleware Text-only Advisories 1.0
Redhat Jboss Middleware 1
Redhat Integration Service Registry -
Redhat Integration Camel Quarkus -
Redhat Build Of Quarkus
Redhat Openshift Serverless -
Redhat Integration Camel K
Redhat Process Automation Manager 7.0
Redhat Build Of Optaplanner 8.0
Redhat Openshift Serverless 1.0
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
3 Github repositories
NA
CVE-2021-4178
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged malicious user to supply malicious YAML.
Redhat Fabric8-kubernetes
Redhat Fabric8-kubernetes 5.8.0
Redhat Fabric8-kubernetes 5.0.0
Redhat Process Automation 7.0
Redhat Openshift Application Runtimes -
Redhat Descision Manager 7.0
Redhat Integration Camel K -
Redhat A-mq Streams 2.0.1
Redhat Fuse 7.11
Redhat Integration Camel Quarkus 2.2.1
Redhat Build Of Quarkus 2.2.5
7.5
CVSSv2
CVE-2020-5413
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provide...
Vmware Spring Integration
Oracle Flexcube Private Banking 12.1.0
Oracle Flexcube Private Banking 12.0.0
Oracle Retail Merchandising System 16.0.3
Oracle Banking Virtual Account Management 14.3.0
Oracle Banking Credit Facilities Process Management 14.3.0
Oracle Banking Corporate Lending Process Management 14.3.0
Oracle Retail Customer Management And Segmentation Foundation
Oracle Banking Virtual Account Management 14.2.0
Oracle Banking Virtual Account Management 14.5.0
Oracle Banking Supply Chain Finance 14.2.0
Oracle Banking Corporate Lending Process Management 14.2.0
Oracle Banking Corporate Lending Process Management 14.5.0
Oracle Banking Credit Facilities Process Management 14.2.0
Oracle Banking Credit Facilities Process Management 14.5.0
Oracle Banking Supply Chain Finance 14.3.0
Oracle Banking Supply Chain Finance 14.5.0
3.5
CVSSv2
CVE-2021-3642
A flaw was found in Wildfly Elytron in versions before 1.10.14.Final, before 1.15.5.Final and before 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality.
Redhat Wildfly Elytron
Redhat Build Of Quarkus -
Redhat Codeready Studio 12.0
Redhat Data Grid 8.0
Redhat Descision Manager 7.0
Redhat Integration Camel K -
Redhat Integration Camel Quarkus
Redhat Jboss Enterprise Application Platform 7.0.0
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Jboss Fuse 7.0.0
Redhat Openshift Application Runtimes -
Redhat Process Automation 7.0
Quarkus Quarkus
5.8
CVSSv2
CVE-2021-20218
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause applications using the fabric8 kubernetes-client `copy` command to extract files outside the working path. The highest threat from this vulnerability ...
Redhat Kubernetes-client
Redhat A-mq Online -
Redhat Build Of Quarkus -
Redhat Codeready Studio 12.0
Redhat Descision Manager 7.0
Redhat Integration Camel K -
Redhat Jboss Fuse 7.0.0
Redhat Openshift Container Platform 3.11
Redhat Process Automation 7.0
3.5
CVSSv2
CVE-2017-16789
Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS 3 prior to 3.2.0 Hotfix 7, as used in TIBCO BusinessWorks Process Monitor up to and including 3.0.1.3 and other products, allows remote authenticated administrators to inject arbitrary web script or HTML via th...
Integrationmatters Njams 3
Tibco Businessworks Process Monitor
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »