Search
Search Results (24 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14892 | 3 Apache, Fasterxml, Redhat | 13 Geode, Jackson-databind, Decision Manager and 10 more | 2024-11-21 | 9.8 Critical |
| A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. | ||||
| CVE-2019-14886 | 1 Redhat | 4 Decision Manager, Jboss Enterprise Bpms Platform, Jboss Enterprise Brms Platform and 1 more | 2024-11-21 | 6.5 Medium |
| A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed. | ||||
| CVE-2019-14862 | 3 Knockoutjs, Oracle, Redhat | 7 Knockout, Business Intelligence, Goldengate and 4 more | 2024-11-21 | 6.1 Medium |
| There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it. | ||||
| CVE-2019-14839 | 1 Redhat | 3 Business-central, Descision Manager, Process Automation | 2024-11-21 | 7.5 High |
| It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. | ||||