Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10714 | 2 Netapp, Redhat | 6 Oncommand Insight, Codeready Studio, Descision Manager and 3 more | 2024-11-21 | 5.1 MEDIUM | 7.5 HIGH |
| A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2019-14892 | 3 Apache, Fasterxml, Redhat | 8 Geode, Jackson-databind, Decision Manager and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. | |||||
| CVE-2019-14862 | 3 Knockoutjs, Oracle, Redhat | 5 Knockout, Business Intelligence, Goldengate and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | |||||
| CVE-2019-14839 | 1 Redhat | 3 Business-central, Descision Manager, Process Automation | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. | |||||