CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2457
https://notcve.org/view.php?id=CVE-2022-2457
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts. Se ha encontrado un fallo en Red Hat Process Automation Manager versión 7 por el que un atacante puede beneficiarse de un ataque de fuerza bruta contra la Consola de Administración ya que la aplicación no limita el número de intentos de inicio de sesión fallidos • https://bugzilla.redhat.com/show_bug.cgi?id=2107990#c0 • CWE-307: Improper Restriction of Excessive Authentication Attempts •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2458 – Business-central: Possible XML External Entity Injection attack
https://notcve.org/view.php?id=CVE-2022-2458
XML external entity injection(XXE) is a vulnerability that allows an attacker to interfere with an application's processing of XML data. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. Here, XML external entity injection lead to External Service interaction & Internal file read in Business Central and also Kie-Server APIs. Una inyección de tipo XML external entity (XXE) es una vulnerabilidad que permite a un atacante interferir en el procesamiento de datos XML de una aplicación. • https://bugzilla.redhat.com/show_bug.cgi?id=2107994#c0 https://access.redhat.com/security/cve/CVE-2022-2458 https://bugzilla.redhat.com/show_bug.cgi?id=2107994 • CWE-91: XML Injection (aka Blind XPath Injection) CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-14839
https://notcve.org/view.php?id=CVE-2019-14839
It was observed that while login into Business-central console, HTTP request discloses sensitive information like username and password when intercepted using some tool like burp suite etc. Se ha observado que mientras es accedido a la consola de Business-central, una petición HTTP divulga información confidencial como el nombre de usuario y la contraseña cuando es interceptada usando alguna herramienta como burp suite, etc • https://bugzilla.redhat.com/show_bug.cgi?id=1748178 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 1CVE-2022-0853 – jboss-client: memory leakage in remote client transaction
https://notcve.org/view.php?id=CVE-2022-0853
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability. Se ha encontrado un fallo en JBoss-client. La vulnerabilidad es producida debido a una pérdida de memoria en el lado del cliente de JBoss, cuando es usado UserTransaction repetidamente y conlleva a una vulnerabilidad de filtrado de información A flaw was found in the jboss-client. A memory leak on the JBoss client-side occurs when using UserTransaction repeatedly, leading to an information leakage vulnerability. • https://github.com/ByteHackr/CVE-2022-0853 https://bugzilla.redhat.com/show_bug.cgi?id=2060725 https://access.redhat.com/security/cve/CVE-2022-0853 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 6.7EPSS: 0%CPEs: 16EXPL: 0CVE-2021-4178 – kubernetes-client: Insecure deserialization in unmarshalYaml method
https://notcve.org/view.php?id=CVE-2021-4178
A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML. Se ha encontrado un fallo de ejecución de código arbitrario en el cliente de Kubernetes Fabric 8 afectando a versiones 5.0.0-beta-1 y superiores. Debido a una configuración incorrecta del análisis de YAML, esto permitirá a un atacante local y con privilegios suministrar YAML malicioso. • https://access.redhat.com/security/cve/CVE-2021-4178 https://bugzilla.redhat.com/show_bug.cgi?id=2034388 https://github.com/advisories/GHSA-98g7-rxmf-rrxm https://github.com/fabric8io/kubernetes-client/issues/3653 • CWE-502: Deserialization of Untrusted Data •