
Redhat Process Automation vulnerabilities

24 known vulnerabilities affecting redhat/process_automation.

Total CVEs: 24
CISA KEV: 1 actively exploited
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 14, MEDIUM 5

Vulnerabilities

Page 2 of 2
CVE-2020-1714 | HIGH | CVSS 8.8 | v7.0 | 2020-05-13
CVE-2020-1714 [HIGH] CWE-20: A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.
nvd
CVE-2019-14892 | CRITICAL | CVSS 9.8 | v7.0 | 2020-03-02
CVE-2019-14892 [CRITICAL] CWE-200: A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.
nvd
CVE-2019-14863 | MEDIUM | CVSS 6.1 | v7.0 | 2020-01-02
CVE-2019-14863 [MEDIUM] CWE-79: There is a vulnerability in all angular versions before 1.5.0-beta.0, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
nvd
CVE-2019-14862 | MEDIUM | CVSS 6.1 | v7.0 | 2020-01-02
CVE-2019-14862 [MEDIUM] CWE-79: There is a vulnerability in knockout before version 3.5.0-beta, where after escaping the context of the web application, the web application delivers data to its users along with other trusted dynamic content, without validating it.
nvd