Redhat Decision Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Decision Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (20)
CVE-2018-19361 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa…
CVE-2019-14892 — CVSS 9.8 (critical): A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic…
CVE-2018-19362 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the…
CVE-2018-19360 — CVSS 9.8 (critical): FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the…
CVE-2020-1714 — CVSS 8.8 (high): A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw…
CVE-2019-14841 — CVSS 8.8 (high): A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an…
CVE-2023-4853 — CVSS 8.1 (high): A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting…
CVE-2022-1415 — CVSS 8.1 (high): A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an…
CVE-2019-14840 — CVSS 7.5 (high): A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of…
CVE-2020-1748 — CVSS 7.5 (high): A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were…
CVE-2018-12023 — CVSS 7.5 (high): An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either…
CVE-2018-12022 — CVSS 7.5 (high): An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either…
CVE-2023-1108 — CVSS 7.5 (high): A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in…
CVE-2019-14886 — CVSS 6.5 (medium): A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in…
CVE-2017-7545 — CVSS 6.5 (medium): It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files…
CVE-2019-14900 — CVSS 6.5 (medium): A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA…
CVE-2019-14863 — CVSS 6.1 (medium): There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web…
CVE-2019-14862 — CVSS 6.1 (medium): There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web…
CVE-2020-1720 — CVSS 3.1 (low): A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An…