Vulnerabilities > Redhat > Decision Manager > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-07-06 CVE-2019-14900 SQL Injection vulnerability in multiple products
A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1.
network
low complexity
hibernate redhat quarkus CWE-89
6.5
2020-03-17 CVE-2020-1720 Missing Authorization vulnerability in multiple products
A flaw was found in PostgreSQL's "ALTER ...
network
low complexity
postgresql redhat CWE-862
6.5
2020-03-05 CVE-2019-14886 Unspecified vulnerability in Redhat Decision Manager and Process Automation Manager
A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context.
network
low complexity
redhat
6.5
2020-01-02 CVE-2019-14863 Cross-site Scripting vulnerability in multiple products
There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
network
low complexity
angularjs redhat CWE-79
6.1
2020-01-02 CVE-2019-14862 There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
network
low complexity
knockoutjs redhat oracle
6.1
2018-07-26 CVE-2017-7545 XXE vulnerability in Redhat Decision Manager, Jboss BPM Suite and Jbpm
It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files.
network
low complexity
redhat CWE-611
6.5