Vulnerabilities > Redhat > Process Automation > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-24 | CVE-2021-4178 | Deserialization of Untrusted Data vulnerability in Redhat products A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. | 6.7 |
| 2022-04-01 | CVE-2019-14839 | Information Exposure vulnerability in Redhat products It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. | 5.0 |
| 2022-03-11 | CVE-2022-0853 | Memory Leak vulnerability in Redhat products A flaw was found in JBoss-client. | 5.0 |
| 2021-06-01 | CVE-2021-20306 | Unspecified vulnerability in Redhat Descision Manager, Jbpm and Process Automation A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. | 4.0 |
| 2021-03-16 | CVE-2021-20218 | Path Traversal vulnerability in Redhat products A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. | 5.8 |
| 2020-09-16 | CVE-2020-1748 | Unspecified vulnerability in Redhat Wildfly Elytron A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. | 5.0 |
| 2020-05-13 | CVE-2020-1714 | Improper Input Validation vulnerability in multiple products A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. | 6.5 |
| 2020-01-02 | CVE-2019-14863 | Cross-site Scripting vulnerability in multiple products There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 4.3 |
| 2020-01-02 | CVE-2019-14862 | Cross-site Scripting vulnerability in multiple products There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | 4.3 |