Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
decision manager vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2024-22319
IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.
Ibm Operational Decision Manager 8.10.3
Ibm Operational Decision Manager 8.10.4
Ibm Operational Decision Manager 8.10.5.1
Ibm Operational Decision Manager 8.11
Ibm Operational Decision Manager 8.11.0.1
Ibm Operational Decision Manager 8.12.0.1
NA
CVE-2024-22320
IBM Operational Decision Manager 8.10.3 could allow a remote authenticated malicious user to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in ...
Ibm Operational Decision Manager 8.10.3
Ibm Operational Decision Manager 8.10.4
Ibm Operational Decision Manager 8.10.5.1
Ibm Operational Decision Manager 8.11
Ibm Operational Decision Manager 8.11.0.1
Ibm Operational Decision Manager 8.12.0.1
NA
CVE-2023-38545
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 byte...
Haxx Libcurl
Fedoraproject Fedora 37
Netapp Oncommand Workflow Automation -
Netapp Oncommand Insight -
Netapp Active Iq Unified Manager -
Microsoft Windows 10 22h2
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 11 23h2
Microsoft Windows 10 1809
Microsoft Windows Server 2019
Microsoft Windows Server 2022
Microsoft Windows 10 21h2
9 Github repositories
2 Articles
NA
CVE-2023-38546
This flaw allows an malicious user to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single tran...
Haxx Libcurl
2 Articles
NA
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Ietf Http 2.0
Nghttp2 Nghttp2
Netty Netty
Envoyproxy Envoy 1.27.0
Envoyproxy Envoy 1.26.4
Envoyproxy Envoy 1.25.9
Envoyproxy Envoy 1.24.10
Eclipse Jetty
Caddyserver Caddy
Golang Http2
Golang Go
Golang Networking
F5 Big-ip Analytics
F5 Big-ip Policy Enforcement Manager
F5 Big-ip Local Traffic Manager
F5 Big-ip Link Controller
F5 Big-ip Global Traffic Manager
F5 Big-ip Fraud Protection Service
F5 Big-ip Domain Name System
F5 Big-ip Application Security Manager
F5 Big-ip Application Acceleration Manager
F5 Big-ip Advanced Firewall Manager
34 Github repositories
2 Articles
NA
CVE-2023-4853
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an malicious user to bypass the security policy altogether, resul...
Quarkus Quarkus
Redhat Decision Manager 7.0
Redhat Jboss Middleware Text-only Advisories 1.0
Redhat Jboss Middleware 1
Redhat Integration Service Registry -
Redhat Integration Camel Quarkus -
Redhat Build Of Quarkus
Redhat Openshift Serverless -
Redhat Integration Camel K
Redhat Process Automation Manager 7.0
Redhat Build Of Optaplanner 8.0
Redhat Openshift Serverless 1.0
Redhat Openshift Container Platform 4.10
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
3 Github repositories
NA
CVE-2023-1108
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.
Redhat Decision Manager 7.0
Redhat Single Sign-on -
Redhat Process Automation 7.0
Redhat Openstack Platform 13.0
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Build Of Quarkus -
Redhat Integration Service Registry -
Redhat Integration Camel K -
Redhat Jboss Enterprise Application Platform Expansion Pack -
Redhat Fuse 1.0.0
Redhat Undertow
Redhat Openshift Container Platform 4.11
Redhat Openshift Container Platform 4.12
Redhat Openshift Container Platform For Linuxone 4.9
Redhat Openshift Container Platform For Linuxone 4.10
Redhat Openshift Container Platform For Power 4.9
Redhat Openshift Container Platform For Power 4.10
Redhat Jboss Enterprise Application Platform 7.4
Redhat Single Sign-on 7.6
Netapp Oncommand Workflow Automation -
NA
CVE-2022-1415
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated malicious user to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
Redhat Decision Manager 7.0
Redhat Process Automation 7.0
Redhat Jboss Middleware Text-only Advisories -
Redhat Drools 7.69.0
1 Github repository
NA
CVE-2023-30056
A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie.
Fico Origination Manager Decision 4.8.1
NA
CVE-2023-30057
Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Fico Origination Manager Decision 4.8.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »