Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.5 security update
🔗 CVE IDs covered (11)
📋 Description
CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-40151 — xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks CVE-2022-41966 — xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow CVE-2022-44729 — batik: Server-Side Request Forgery vulnerability CVE-2022-44730 — batik: Server-Side Request Forgery vulnerability CVE-2023-0482 — RESTEasy: creation of insecure temp files CVE-2023-3635 — okio: GzipSource class improper exception handling CVE-2023-5072 — JSON-java: parser confusion leads to OOM CVE-2023-6481 — logback: A serialization vulnerability in logback receiver CVE-2023-6717 — keycloak: XSS via assertion consumer service URL in SAML POST-binding flow CVE-2023-33201 — bouncycastle: potential blind LDAP injection attack using a self-signed certificate
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2024:1353
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2134292
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2150009
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2166004
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2170431
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2215465
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2229295
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2233889
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2233899
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2246417
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1353.json