Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2022:5903
HistoryAug 04, 2022 - 4:17 a.m.

(RHSA-2022:5903) Moderate: Red Hat Process Automation Manager 7.13.0 security update

2022-08-0404:17:59
access.redhat.com
87

0.009 Low

EPSS

Percentile

82.9%

JSON

Red Hat Process Automation Manager is an open source business process management suite that combines process management and decision service management and enables business and IT users to create, manage, validate, and deploy process applications and decision services.

This asynchronous security patch is an update to Red Hat Process Automation Manager 7.

Security Fix(es):

  • com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson (CVE-2022-25647)

  • jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck (CVE-2021-37714)

  • netty-codec: Bzip2Decoder doesn’t allow setting size restrictions for decompressed data (CVE-2021-37136)

  • netty-codec: SnappyFrameDecoder doesn’t restrict chunk length and may buffer skippable chunks in an unnecessary way (CVE-2021-37137)

  • protobuf-java: potential DoS in the parsing procedure for binary data (CVE-2021-22569)

  • spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)

  • wildfly-elytron: possible timing attack in ScramServer (CVE-2021-3642)

  • wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users (CVE-2021-3717)

  • ant: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-36373)

  • mysql-connector-java: unauthorized access to critical (CVE-2021-2471)

  • netty: control chars in header names may lead to HTTP request smuggling (CVE-2021-43797)

  • wildfly-core: Invalid Sensitivity Classification of Vault Expression (CVE-2021-3644)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Related

ibm 33
redhat 12
suse 3
openvas 11
debian 2
nessus 16
osv 25
cvelist 9
prion 10
ubuntu 1
redhatcve 9
ubuntucve 8
spring 1
veracode 11
debiancve 7
cgr 1
wolfi 1
githubexploit 2
nvd 9
cve 8
broadcom 1
github 10
vaadin 1
cbl_mariner 3
atlassian 2
f5 1
alpinelinux 1
mageia 1
ibm
ibm
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring is vulnerable to several attack vectors due to its use of Apache Netty (CVE-2021-37136, CVE-2021-37137, CVE-2021-43797)
2022-06-29 14:09:50
Security Bulletin: IBM Sterling B2B Integrator is vulnerable to denial of service due to Netty (CVE-2021-37136, CVE-2021-37137)
2023-02-01 15:51:44
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Netty
2021-12-17 04:21:56
redhat
redhat
(RHSA-2021:3959) Moderate: Red Hat build of Eclipse Vert.x 4.1.5 security update
2021-11-10 16:37:03
(RHSA-2021:4851) Low: Red Hat AMQ Broker 7.9.1 release and security update
2021-11-30 08:40:21
(RHSA-2022:0589) Moderate: Red Hat build of Quarkus 2.2.5 release and security update
2022-02-21 18:18:19
suse
suse
Security update for netty (important)
2022-04-20 00:00:00
Security update for jsoup, jsr-305 (important)
2022-04-19 00:00:00
Security update for netty3 (moderate)
2022-06-13 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3268-1)
2023-01-12 00:00:00
openSUSE: Security Advisory for netty (SUSE-SU-2022:1271-1)
2022-04-21 00:00:00
Debian: Security Advisory (DSA-5316-1)
2023-01-12 00:00:00
debian
debian
[SECURITY] [DLA 3268-1] netty security update
2023-01-11 22:57:14
[SECURITY] [DSA 5316-1] netty security update
2023-01-11 22:38:12
nessus
nessus
Debian DLA-3268-1 : netty - LTS security update
2023-01-16 00:00:00
Debian DSA-5316-1 : netty - security update
2023-01-12 00:00:00
openSUSE 15 Security Update : netty (SUSE-SU-2022:1271-1)
2023-01-20 00:00:00
osv
osv
netty - security update
2023-01-11 00:00:00
netty - security update
2023-01-11 00:00:00
Uncaught Exception in jsoup
2021-08-23 19:42:38
cvelist
cvelist
CVE-2021-37714 Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions
2021-08-18 15:10:11
CVE-2022-22950
2022-04-01 22:17:32
CVE-2021-37136
2021-10-19 00:00:00
prion
prion
Input validation
2021-08-18 15:15:00
Design/Logic Flaw
2021-07-14 07:15:00
Memory corruption
2021-10-19 15:15:00
ubuntu
ubuntu
Netty vulnerabilities
2023-04-28 00:00:00
redhatcve
redhatcve
CVE-2021-22569
2022-01-12 23:32:15
CVE-2021-43797
2021-12-13 20:02:24
CVE-2021-37136
2021-09-14 15:09:07
ubuntucve
ubuntucve
CVE-2021-22569
2022-01-10 00:00:00
CVE-2021-37137
2021-10-19 00:00:00
CVE-2022-22950
2022-04-01 00:00:00
spring
spring
CVE report published for Spring Framework
2022-03-28 08:00:00
veracode
veracode
Denial Of Service (DoS)
2021-07-15 00:46:23
Denial Of Service (DoS)
2022-06-01 09:52:03
Denial Of Service(DoS)
2021-09-10 06:32:27
debiancve
debiancve
CVE-2021-22569
2022-01-10 14:10:16
CVE-2022-22950
2022-04-01 23:15:13
CVE-2021-37136
2021-10-19 15:15:07
cgr
cgr
CVE-2021-22569 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2021-22569 vulnerabilities
2024-06-29 09:08:33
githubexploit
githubexploit
Exploit for Vulnerability in Google Protobuf-Kotlin
2022-01-13 03:33:54
Exploit for CVE-2021-2471
2021-10-22 17:59:16
nvd
nvd
CVE-2021-37137
2021-10-19 15:15:07
CVE-2021-36373
2021-07-14 07:15:08
CVE-2021-37714
2021-08-18 15:15:08
cve
cve
CVE-2022-22950
2022-04-01 23:15:13
CVE-2021-43797
2021-12-09 19:15:07
CVE-2021-37136
2021-10-19 15:15:07
broadcom
broadcom
Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a specially crafted SpEL
2023-08-29 00:00:00
github
github
Bzip2Decoder doesn't allow setting size restrictions for decompressed data
2021-09-09 17:11:21
Uncaught Exception in jsoup
2021-08-23 19:42:38
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way
2021-09-09 17:11:31
vaadin
vaadin
Denial of service in third-party component in Vaadin 7 and 8
2021-10-27 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-37714 affecting package jsoup 1.11.3-3
2024-06-29 09:08:33
CVE-2021-36373 affecting package ant 1.10.9-2
2021-08-11 06:39:28
CVE-2021-36373 affecting package javapackages-bootstrap for versions less than 1.14.0-2
2024-04-17 22:02:46
atlassian
atlassian
com.google.protobuf:protobuf-java Vulnerability in Jira Service Management Data Center and Server
2023-10-09 01:44:41
DoS (Denial of Service) org.jsoup:jsoup in Jira Software Data Center and Server
2023-11-12 13:45:30
f5
f5
K000133686 : protobuf-java vulnerability CVE-2021-22569
2023-04-27 00:00:00
alpinelinux
alpinelinux
CVE-2021-36373
2021-07-14 07:15:08
mageia
mageia
Updated google-gson packages fix security vulnerability
2022-09-21 21:15:27

0.009 Low

EPSS

Percentile

82.9%

JSON
Related for RHSA-2022:5903
ibm33redhat12suse3openvas11debian2nessus16osv25cvelist9prion10ubuntu1redhatcve9ubuntucve8spring1veracode11debiancve7cgr1wolfi1githubexploit2nvd9cve8broadcom1github10vaadin1cbl_mariner3atlassian2f51alpinelinux1mageia1