Red Hat Process Automation Manager
This hub aggregates every CVE we track for Red Hat Process Automation Manager, a product in the operating systems space. Use it to gauge the current risk picture and drill into individual advisories.
Operating Systems | on-prem
- CVEs tracked: 25
- Critical: 11
- High: 7
- In CISA KEV: 0
Severity distribution
- CRITICAL: 11
- HIGH: 7
- MEDIUM: 6
- LOW: 1
Monthly trend
[Chart: monthly trend, 2024-08 to 2026-07; all 24 plotted values are 0]
Latest CVEs
The 15 most recently published vulnerabilities affecting Red Hat Process Automation Manager.
- CVE-2022-4245: Codehaus-plexus: xml external entity (xxe) injection (score: 4.3)
- CVE-2022-4244: Codehaus-plexus: directory traversal (score: 7.5)
- CVE-2022-45047: Apache MINA SSHD: Java unsafe deserialization vulnerability (score: 9.8)
- CVE-2022-42920: Apache Commons BCEL prior to 6.6.0 allows producing arbitrary bytecode via out-of-bounds writing (score: 9.8)
- CVE-2022-40152: Stack Buffer Overflow in Woodstox (score: 6.5)
- CVE-2022-25647: Deserialization of Untrusted Data (score: 7.7)
- CVE-2021-44906: Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). (score: 9.8)
- CVE-2020-36518: jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. (score: 7.5)
- CVE-2021-43797: HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling (score: 6.5)
- CVE-2021-37137: The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was rece... (score: 7.5)
- CVE-2020-28491: Denial of Service (DoS) (score: 7.5)
- CVE-2020-9512: A vulnerability in the Red Hat Process Automation Manager business process automation system, related to uncontrolled resource consumption, that allows an attacker to cause a denial of service on the target system (score: 7.5)
- CVE-2020-14019: Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. (score: 7.8)
- CVE-2020-9488: Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log me... (score: 3.7)
- CVE-2020-9546: FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hi... (score: 9.8)
Product normalization is registry-driven with AI assist and human review.