Decision manager

This hub aggregates every CVE we track for Decision manager, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Decision manager.

• CVE-2023-6717Keycloak: xss via assertion consumer service url in saml post-binding flow6.0Apr 25, 2024
• CVE-2023-26159Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, ...7.3Jan 2, 2024
• CVE-2023-45648Apache Tomcat: Trailer header parsing too lenient5.3Oct 10, 2023
• CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.KEV7.5Oct 10, 2023
• CVE-2022-4245Codehaus-plexus: xml external entity (xxe) injection4.3Sep 25, 2023
• CVE-2022-4244Codehaus-plexus: directory traversal7.5Sep 25, 2023
• CVE-2023-4853Quarkus: http security policy bypass8.1Sep 20, 2023
• CVE-2023-1108Undertow: infinite loop in sslconduit during close7.5Sep 14, 2023
• CVE-2022-1415Drools: unsafe data deserialization in streamutils8.1Sep 11, 2023
• CVE-2023-35116jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that ...4.7Jun 14, 2023
• CVE-2021-46877jackson-databind 2.10.x through 2.12.x before 2.12.6 and 2.13.x before 2.13.1 allows attackers to cause a denial of service (2 GB transient heap usage per read) in uncommon situations involving Jso...7.5Mar 18, 2023
• CVE-2022-41966XStream Denial of Service via stack overflow 8.2Dec 27, 2022
• CVE-2019-14841A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Co...8.8Oct 17, 2022
• CVE-2019-14840A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials.7.5Oct 17, 2022
• CVE-2022-40152Stack Buffer Overflow in Woodstox6.5Sep 16, 2022