RHSA-2024:1353HighCVSS 7.5

Red Hat Security Advisory: Red Hat Process Automation Manager 7.13.5 security update

Published
March 18, 2024
Last Modified
June 6, 2026

🔗 CVE IDs covered (11)

📋 Description

CVE-2022-1471 — SnakeYaml: Constructor Deserialization Remote Code Execution CVE-2022-40151 — xstream: Xstream to serialise XML data was vulnerable to Denial of Service attacks CVE-2022-41966 — xstream: Denial of Service by injecting recursive collections or maps based on element's hash values raising a stack overflow CVE-2022-44729 — batik: Server-Side Request Forgery vulnerability CVE-2022-44730 — batik: Server-Side Request Forgery vulnerability CVE-2023-0482 — RESTEasy: creation of insecure temp files CVE-2023-3635 — okio: GzipSource class improper exception handling CVE-2023-5072 — JSON-java: parser confusion leads to OOM CVE-2023-6481 — logback: A serialization vulnerability in logback receiver CVE-2023-6717 — keycloak: XSS via assertion consumer service URL in SAML POST-binding flow CVE-2023-33201 — bouncycastle: potential blind LDAP injection attack using a self-signed certificate

🔗 References (12)