Filtered by vendor Redhat Subscriptions
Filtered by product Jboss Enterprise Brms Platform Subscriptions
Total 204 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-4245 2 Codehaus-plexus Project, Redhat 23 Codehaus-plexus, A Mq Clients, Amq Broker and 20 more 2024-08-03 4.3 Medium
A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection.
CVE-2022-4244 2 Codehaus-plexus Project, Redhat 23 Codehaus-plexus, A Mq Clients, Amq Broker and 20 more 2024-08-03 7.5 High
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
CVE-2022-1415 1 Redhat 16 Camel Quarkus, Camel Spring Boot, Decision Manager and 13 more 2024-08-03 8.1 High
A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.
CVE-2023-3223 1 Redhat 20 Enterprise Linux, Integration, Jboss Data Grid and 17 more 2024-08-02 7.5 High
A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null.