RHSA-2020:3197HighCVSS 8.8

Red Hat Security Advisory: Red Hat Process Automation Manager 7.8.0 Security Update

Published
July 29, 2020
Last Modified
June 26, 2026

🔗 CVE IDs covered (32)

📋 Description

CVE-2019-9512 — HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9514 — HTTP/2: flood using HEADERS frames results in unbounded memory growth CVE-2019-9515 — HTTP/2: flood using SETTINGS frames results in unbounded memory growth CVE-2019-9518 — HTTP/2: flood using empty frames results in excessive resource consumption CVE-2019-10086 — apache-commons-beanutils: does not suppresses the class property in PropertyUtilsBean by default CVE-2019-12406 — cxf: does not restrict the number of message attachments CVE-2019-12423 — cxf: OpenId Connect token service does not properly validate the clientId CVE-2019-13990 — libquartz: XXE attacks via job description CVE-2019-16869 — netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers CVE-2019-17573 — cxf: reflected XSS in the services listing page CVE-2019-20330 — jackson-databind: lacks certain net.sf.ehcache blocking CVE-2019-20444 — netty: HTTP request smuggling CVE-2019-20445 — netty: HttpObjectDecoder.java allows Content-Length header to accompanied by second Content-Length header CVE-2020-1718 — keycloak: security issue on reset credential flow CVE-2020-7238 — netty: HTTP Request Smuggling due to Transfer-Encoding whitespace mishandling CVE-2020-8840 — jackson-databind: Lacks certain xbean-reflect/JNDI blocking CVE-2020-9546 — jackson-databind: Serialization gadgets in shaded-hikari-config CVE-2020-9547 — jackson-databind: Serialization gadgets in ibatis-sqlmap CVE-2020-9548 — jackson-databind: Serialization gadgets in anteros-core CVE-2020-10672 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10673 — jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution CVE-2020-10968 — jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider CVE-2020-10969 — jackson-databind: Serialization gadgets in javax.swing.JEditorPane CVE-2020-11111 — jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory CVE-2020-11112 — jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider CVE-2020-11113 — jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime CVE-2020-11612 — netty: compression/decompression codecs don't enforce limits on buffer allocation sizes CVE-2020-11619 — jackson-databind: Serialization gadgets in org.springframework:spring-aop CVE-2020-11620 — jackson-databind: Serialization gadgets in commons-jelly:commons-jelly CVE-2020-14060 — jackson-databind: serialization in oadd.org.apache.xalan.lib.sql.JNDIConnectionPool CVE-2020-14061 — jackson-databind: serialization in weblogic/oracle-aqjms CVE-2020-14062 — jackson-databind: serialization in com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool

🔗 References (37)