Redhat Process Automation — known CVE vulnerabilities
Every CVE whose affected-product data names Redhat Process Automation, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (23)
CVE-2019-14892 — CVSS 9.8 (critical): A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic…
CVE-2025-12543 — CVSS 9.6 (critical): A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library…
CVE-2019-14841 — CVSS 8.8 (high): A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an…
CVE-2020-1714 — CVSS 8.8 (high): A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw…
CVE-2026-28369 — CVSS 8.7 (high): A flaw was found in Undertow. When Undertow receives an HTTP request where the first header line starts with one or more spaces, it…
CVE-2026-28368 — CVSS 8.7 (high): A flaw was found in Undertow. This vulnerability allows a remote attacker to construct specially crafted requests where header names are…
CVE-2026-28367 — CVSS 8.7 (high): A flaw was found in Undertow. A remote attacker can exploit this vulnerability by sending `\r\r\r` as a header block terminator. This can…
CVE-2022-1415 — CVSS 8.1 (high): A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an…
CVE-2021-4104 — CVSS 7.5 (high): JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration…
CVE-2020-10714 — CVSS 7.5 (high): A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in…
CVE-2020-1748 — CVSS 7.5 (high): A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were…
CVE-2019-14839 — CVSS 7.5 (high): It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password…
CVE-2022-0853 — CVSS 7.5 (high): A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction…
CVE-2023-1108 — CVSS 7.5 (high): A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in…
CVE-2024-7885 — CVSS 7.5 (high): A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests…
CVE-2025-9784 — CVSS 7.5 (high): A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This…
CVE-2021-20218 — CVSS 7.4 (high): A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. This flaw allows a malicious pod/container to cause…
CVE-2021-4178 — CVSS 6.7 (medium): A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly…
CVE-2019-14863 — CVSS 6.1 (medium): There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web…
CVE-2019-14862 — CVSS 6.1 (medium): There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web…
CVE-2021-3642 — CVSS 5.3 (medium): A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer…
CVE-2021-20306 — CVSS 4.3 (medium): A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow…