Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2020:4960
HistoryNov 05, 2020 - 6:43 p.m.

(RHSA-2020:4960) Moderate: Red Hat Decision Manager 7.9.0 security update

2020-11-0518:43:06
access.redhat.com
44

0.007 Low

EPSS

Percentile

79.8%

JSON

Red Hat Decision Manager is an open source decision management platform that combines business rules management, complex event processing, Decision Model & Notation (DMN) execution, and Business Optimizer for solving planning problems. It automates business decisions and makes that logic available to the entire business.

This release of Red Hat Decision Manager 7.9.0 serves as an update to Red Hat Decision Manager 7.8.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • hibernate: SQL injection issue in Hibernate ORM (CVE-2019-14900)

  • batik: SSRF via “xlink:href” (CVE-2019-17566)

  • Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)

  • ant: insecure temporary file vulnerability (CVE-2020-1945)

  • dom4j: XML External Entity vulnerability in default SAX parser (CVE-2020-10683)

  • hibernate-validator: Improper input validation in the interpolation of constraint error messages (CVE-2020-10693)

  • wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)

  • cxf: JMX integration is vulnerable to a MITM attack (CVE-2020-1954)

  • mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2875)

  • mysql-connector-java: allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized partial DoS (CVE-2020-2933)

  • mysql-connector-java: allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors which could result in unauthorized update, insert or delete (CVE-2020-2934)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

redhat 12
openvas 17
fedora 4
suse 5
nessus 24
debian 3
osv 17
freebsd 1
redhatcve 10
cve 9
githubexploit 1
github 8
ibm 36
debiancve 6
cvelist 10
prion 9
ubuntucve 5
nvd 9
veracode 8
f5 1
mageia 2
ubuntu 1
amazon 1
redhat
redhat
(RHSA-2020:4961) Moderate: Red Hat Process Automation Manager 7.9.0 security update
2020-11-05 18:44:42
(RHSA-2020:3461) Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
2020-08-17 13:17:33
(RHSA-2020:3462) Important: Red Hat JBoss Enterprise Application Platform 7.3.2 security update
2020-08-17 13:18:02
openvas
openvas
Debian: Security Advisory (DSA-4703-1)
2020-06-12 00:00:00
Fedora: Security Advisory for mysql-connector-java (FEDORA-2020-747ec39700)
2020-09-04 00:00:00
openSUSE: Security Advisory for mysql-connector-java (openSUSE-SU-2021:2622-1)
2021-08-07 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: mysql-connector-java-8.0.21-1.fc33
2020-09-25 17:06:39
[SECURITY] Fedora 32 Update: mysql-connector-java-8.0.21-1.fc32
2020-09-03 16:40:47
[SECURITY] Fedora 31 Update: ant-1.10.8-1.fc31
2020-06-02 03:14:07
suse
suse
Security update for mysql-connector-java (moderate)
2021-08-10 00:00:00
Security update for mysql-connector-java (moderate)
2021-08-05 00:00:00
Security update for dom4j (important)
2020-05-26 00:00:00
nessus
nessus
Oracle MySQL Connectors (Apr 2020 CPU)
2020-04-15 00:00:00
Debian DSA-4703-1 : mysql-connector-java - security update
2020-06-12 00:00:00
openSUSE 15 Security Update : mysql-connector-java (openSUSE-SU-2021:1126-1)
2021-08-11 00:00:00
debian
debian
[SECURITY] [DLA 2245-1] mysql-connector-java security update
2020-06-11 18:29:24
[SECURITY] [DSA 4703-1] mysql-connector-java security update
2020-06-11 17:47:17
[SECURITY] [DLA 2191-1] dom4j security update
2020-04-30 22:00:18
osv
osv
mysql-connector-java - security update
2020-06-11 00:00:00
mysql-connector-java - security update
2020-06-11 00:00:00
SQL Injection in Hibernate ORM
2022-02-10 23:05:04
freebsd
freebsd
MySQL Client -- Multiple vulerabilities
2020-04-14 00:00:00
redhatcve
redhatcve
CVE-2019-14900
2020-05-12 15:40:12
CVE-2020-10714
2020-04-28 04:34:41
CVE-2020-10693
2020-05-05 07:39:53
cve
cve
CVE-2019-14900
2020-07-06 19:15:12
CVE-2020-10693
2020-05-06 14:15:10
CVE-2020-10714
2020-09-23 13:15:15
githubexploit
githubexploit
Exploit for SQL Injection in Hibernate Hibernate Orm
2021-01-06 13:06:45
github
github
SQL Injection in Hibernate ORM
2022-02-10 23:05:04
Improper Input Validation in Hibernate Validator
2021-06-04 21:36:34
Session Fixation in WildFly Elytron
2022-02-15 01:39:57
ibm
ibm
Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to a security vulnerability (CVE-2020-10693)
2021-01-20 09:05:35
Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Z Development and Test Environment - Jan 2021
2021-01-29 14:27:17
Security Bulletin: IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-10693)
2020-12-11 15:53:39
debiancve
debiancve
CVE-2020-10693
2020-05-06 14:15:10
CVE-2020-10683
2020-05-01 19:15:12
CVE-2019-14900
2020-07-06 19:15:12
cvelist
cvelist
CVE-2020-10714
2020-09-23 12:28:17
CVE-2020-10693
2020-05-06 13:03:33
CVE-2019-14900
2020-07-06 18:35:01
prion
prion
Input validation
2020-05-06 14:15:00
Xxe
2020-05-01 19:15:00
Session fixation
2020-09-23 13:15:00
ubuntucve
ubuntucve
CVE-2020-10693
2020-05-06 00:00:00
CVE-2020-10683
2020-05-01 00:00:00
CVE-2019-17566
2020-11-12 00:00:00
nvd
nvd
CVE-2020-10693
2020-05-06 14:15:10
CVE-2020-10683
2020-05-01 19:15:12
CVE-2020-10714
2020-09-23 13:15:15
veracode
veracode
EL Expression Injection
2020-05-18 06:05:42
XML External Entity
2020-04-22 04:37:29
Session Fixation
2020-08-18 02:03:58
f5
f5
K02349370 : dom4j library vulnerability CVE-2020-10683
2020-05-12 00:00:00
mageia
mageia
Updated dom4j packages fix a security vulnerability
2021-01-17 19:07:01
Updated mysql-connector-java package fixes security vulnerability
2020-09-21 22:45:58
ubuntu
ubuntu
dom4j vulnerability
2020-10-13 00:00:00
amazon
amazon
Medium: mysql-connector-java
2023-04-13 19:28:00

0.007 Low

EPSS

Percentile

79.8%

JSON
Related for RHSA-2020:4960
redhat12openvas17fedora4suse5nessus24debian3osv17freebsd1redhatcve10cve9githubexploit1github8ibm36debiancve6cvelist10prion9ubuntucve5nvd9veracode8f51mageia2ubuntu1amazon1