Business process management suite
This hub aggregates every CVE we track for Business process management suite, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 35
- Critical: 10
- High: 14
- In CISA KEV: 0
Severity distribution
- HIGH: 14
- MEDIUM: 11
- CRITICAL: 10
Monthly trend
[Chart: monthly trend, 2024-07 to 2026-06]
Latest CVEs
The 15 most recently published vulnerabilities affecting Business process management suite.
- CVE-2026-34284: Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.... (score 6.1)
- CVE-2022-23307: A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution. (score 8.8)
- CVE-2022-23305: SQL injection in JDBC Appender in Apache Log4j V1 (score 9.8)
- CVE-2022-23302: Deserialization of untrusted data in JMSSink in Apache Log4j 1.x (score 8.8)
- CVE-2021-4104: Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2 (score 7.5)
- CVE-2021-37714: Crafted input may cause the jsoup HTML and XML parser to get stuck, timeout, or throw unchecked exceptions (score 7.5)
- CVE-2021-36090: Apache Commons Compress 1.0 to 1.20 denial of service vulnerability (score 7.5)
- CVE-2021-35517: Apache Commons Compress 1.1 to 1.20 denial of service vulnerability (score 7.5)
- CVE-2021-35516: Apache Commons Compress 1.6 to 1.20 denial of service vulnerability (score 7.5)
- CVE-2021-35515: Apache Commons Compress 1.6 to 1.20 denial of service vulnerability (score 7.5)
- CVE-2020-17521: Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method... (score 5.5)
- CVE-2020-1945: Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. T... (score 6.3)
- CVE-2020-10683: dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing ... (score 9.8)
- CVE-2020-1951: A carefully crafted or corrupt PSD file can cause an infinite loop in Apache Tika's PSDParser in versions 1.0-1.23. (score 5.5)
- CVE-2020-1950: A carefully crafted or corrupt PSD file can cause excessive memory usage in Apache Tika's PSDParser in versions 1.0-1.23. (score 5.5)
Product normalization is registry-driven with AI assist and human review.