Every CVE whose affected-product data names Redhat Jbpm, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2014-8125 — CVSS 7.5 (high): XML external entity (XXE) vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have…
CVE-2017-7545 — CVSS 6.5 (medium): It was discovered that the XmlUtils class in jbpmmigration 6.5 performed expansion of external parameter entities while parsing XML files…
CVE-2013-6465 — CVSS 5.4 (medium): Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE Workbench 6.0.x allow remote authenticated users to inject arbitrary web…
CVE-2021-20306 — CVSS 4.3 (medium): A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow…