Skip to main content

Descision Manager

6 CVEs product

Monthly

CVE-2022-0853 HIGH POC This Week

A flaw was found in JBoss-client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Descision Manager Jboss Enterprise Application Platform Jboss Enterprise Application Platform Expansion Pack Process Automation +1
NVD GitHub
CVSS 3.1
7.5
EPSS
1.4%
CVE-2021-3642 Maven MEDIUM PATCH This Month

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Wildfly Elytron Build Of Quarkus Codeready Studio Data Grid +9
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-20306 MEDIUM This Month

A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Descision Manager Jbpm Process Automation
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-3536 Maven MEDIUM PATCH This Month

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Build Of Quarkus Data Grid Descision Manager Integration Camel K +5
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-20218 Maven HIGH PATCH This Week

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Kubernetes Path Traversal Kubernetes Client A Mq Online Build Of Quarkus +6
NVD GitHub
CVSS 3.1
7.4
EPSS
1.3%
CVE-2020-10714 Maven HIGH PATCH This Week

A flaw was found in WildFly Elytron version 1.11.3.Final and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Wildfly Elytron Codeready Studio Descision Manager +3
NVD
CVSS 3.1
7.5
EPSS
1.5%
EPSS 1% CVSS 7.5
HIGH POC This Week

A flaw was found in JBoss-client. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Descision Manager Jboss Enterprise Application Platform +3
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Wildfly Elytron Build Of Quarkus +11
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Descision Manager Jbpm +1
NVD
EPSS 1% CVSS 4.8
MEDIUM PATCH This Month

A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Build Of Quarkus Data Grid +7
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

A flaw was found in the fabric8 kubernetes-client in version 4.2.0 and after. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Kubernetes Path Traversal Kubernetes Client +8
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

A flaw was found in WildFly Elytron version 1.11.3.Final and before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Session Fixation Information Disclosure Wildfly Elytron +5
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy