Redhat Business-Central vulnerabilities
4 known vulnerabilities affecting redhat/business-central.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2019-14840 | HIGH | CVSS 7.5 | CWE-522 | 2022-10-17
Affected: Business-central as shipped in RHDM 7 and RHPAM 7
A flaw was found in RHDM where sensitive HTML form fields such as Password have auto-complete enabled, which may lead to a leak of credentials.
Source: cvelistv5
CVE-2019-14841 | HIGH | CVSS 8.8 | CWE-281 | 2022-10-17
Affected: Business-central as shipped in RHDM 7 and RHPAM 7
A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console.
Source: cvelistv5
CVE-2019-14839 | HIGH | CVSS 7.5 | CWE-200 | ≤ 7.48.0 | 2022-04-01
Affected: versions up to and including business-central-webapp-7.48.0
It was observed that while logging in to the Business-central console, the HTTP request discloses sensitive information such as the username and password when intercepted with a tool such as Burp Suite.
Sources: cvelistv5, nvd
CVE-2021-20306 | MEDIUM | CVSS 4.3 | CWE-863 | 2021-06-01
Affected: jBPM 7.51.0.Final
A flaw was found in the BPMN editor in version jBPM 7.51.0.Final. Any authenticated user from any project can see the name of Ruleflow Groups from other projects, despite the user not having access to those projects. The highest threat from this vulnerability is to confidentiality.
Source: cvelistv5