Red Hat: RHSA-2020-0132-01 Moderate: Process Automation Manager Security
red hat
January 16, 2020
An update is now available for Red Hat Process Automation Manager
Solution
For on-premise installations, before applying the update, back up your
existing installation, including all applications, configuration files,
databases and database settings, and so on.
It is recommended to halt the server by stopping the JBoss Application
Server process before installing this update; after installing the update,
restart the server by starting the JBoss Application Server process.
The References section of this erratum contains a download link (you must
log in to download the update).
Summary
Red Hat Process Automation Manager is an open source business process
management suite that combines process management and decision service
management and enables business and IT users to create, manage, validate,
and deploy process applications and decision services.
This release of Red Hat Process Automation Manager 7.6.0 serves as an
update to Red Hat Process Automation Manager 7.5.1, and includes bug fixes
and enhancements, which are documented in the Release Notes document linked
to in the References.
Security Fix(es):
* bootstrap: XSS in the affix configuration target property
(CVE-2018-20677)
* bootstrap: XSS in the data-target attribute (CVE-2016-10735)
* bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
* Business-central: Encrypted password shown under Object id 7 of
errai_security_context (CVE-2019-14886)
For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.
Topics Covered
References
https://access.redhat.com/security/cve/CVE-2016-10735 https://access.redhat.com/security/cve/CVE-2018-20676 https://access.redhat.com/security/cve/CVE-2018-20677 https://access.redhat.com/security/cve/CVE-2019-14886 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions&product=rhpam&version=7.6.0 https://access.redhat.com/documentation/en-us/red_hat_process_automation_manager/7.6/html/release_notes_for_red_hat_process_automation_manager_7.6/index
Package List
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Advisory ID: RHSA-2020:0132-01
Product: Red Hat Process Automation Manager
Advisory URL: https://access.redhat.com/errata/RHSA-2020:0132
Issue date: 2020-01-16
Topic
An update is now available for Red Hat Process Automation Manager.Red Hat Product Security has rated this update as having a security impactof Moderate. A Common Vulnerability Scoring System (CVSS) base score, whichgives a detailed severity rating, is available for each vulnerability fromthe CVE link(s) in the References section.
Topics Covered
Relevant Releases Architectures
Bugs Fixed
1668082 - CVE-2018-20676 bootstrap: XSS in the tooltip data-viewport attribute
1668089 - CVE-2018-20677 bootstrap: XSS in the affix configuration target property
1668097 - CVE-2016-10735 bootstrap: XSS in the data-target attribute
1771354 - CVE-2019-14886 Business-central: Encrypted password shown under Object id 7 of errai_security_context
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!