CVE-2019-14841

CWE-2815 documents5 sources

Severity

8.8HIGH

EPSS

0.3%

top 43.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Decision Manager Redhat Process Automation

Timeline

PublishedOct 17

Description

A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5business-centralBusiness-central as shipped in RHDM 7 and RHPAM 7

▶NVDredhat/decision_manager7.0

▶NVDredhat/process_automation7.0

🔴Vulnerability Details

GHSA

GHSA-hcqh-2x7m-p53x: A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header↗2022-10-17

▶

CVEList

CVE-2019-14841: A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header↗2022-10-17

▶

📋Vendor Advisories

Red Hat

RHDM: admin console auth bypass↗2021-07-15

▶

💬Community

Bugzilla

CVE-2019-14841 RHDM: admin console auth bypass↗2019-08-22

▶