RHSA-2023:4983HighCVSS 9.8

Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.4 security update

Published
September 5, 2023
Last Modified
June 29, 2026

🔗 CVE IDs covered (18)

📋 Description

CVE-2021-30129 — mina-sshd-core: Memory leak denial of service in Apache Mina SSHD Server CVE-2022-3143 — wildfly-elytron: possible timing attacks via use of unsafe comparator CVE-2022-3171 — protobuf-java: timeout in parser leads to DoS CVE-2022-3509 — protobuf-java: Textformat parsing issue leads to DoS CVE-2022-3510 — protobuf-java: Message-Type Extensions parsing issue leads to DoS CVE-2022-4492 — undertow: Server identity in https connection is not checked by the undertow client CVE-2022-25857 — snakeyaml: Denial of Service due to missing nested depth limitation for collections CVE-2022-37599 — loader-utils: regular expression denial of service in interpolateName.js CVE-2022-38900 — decode-uri-component: improper input validation resulting in DoS CVE-2022-40152 — woodstox-core: woodstox to serialise XML data was vulnerable to Denial of Service attacks CVE-2022-41854 — dev-java/snakeyaml: DoS via stack overflow CVE-2022-42920 — Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing CVE-2022-45047 — mina-sshd: Java unsafe deserialization vulnerability CVE-2023-0482 — RESTEasy: creation of insecure temp files CVE-2023-20860 — springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern CVE-2023-20861 — springframework: Spring Expression DoS Vulnerability CVE-2023-20883 — spring-boot: Spring Boot Welcome Page DoS Vulnerability CVE-2023-24998 — FileUpload: FileUpload DoS with excessive parts

🔗 References (15)