Descision Manager
CVE-2022-0853
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
AnalysisAI
A flaw was found in JBoss-client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability. Affected products include: Redhat Descision Manager, Redhat Jboss Enterprise Application Platform, Redhat Jboss Enterprise Application Platform Expansion Pack, Redhat Process Automation, Redhat Single Sign-On.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.
More in Descision Manager
View allA flaw was found in WildFly Elytron version 1.11.3.Final and before. Rated high severity (CVSS 7.5), this vulnerability
A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. Rated high severity (CVSS 7.4), this vulne
A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final
A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin conso
A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Rated medium severity (CVSS 4.3), this vulnerability i
Same weakness CWE-401 – Memory Leak
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today