Vulnerabilities (CVE)

Filtered by vendor Redhat Subscribe
Filtered by product Openshift
Total 171 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-22593 2 Ibm, Redhat 2 Robotic Process Automation, Openshift 2024-11-06 N/A 7.8 HIGH
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to security misconfiguration of the Redis container which may provide elevated privileges. IBM X-Force ID: 244074.
CVE-2024-1485 2 Devfile, Redhat 3 Registry-support, Openshift, Openshift Developer Tools And Services 2024-10-21 N/A 9.3 CRITICAL
A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.
CVE-2023-44487 32 Akka, Amazon, Apache and 29 more 311 Http Server, Opensearch Data Prepper, Apisix and 308 more 2024-08-14 N/A 7.5 HIGH
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2016-3721 2 Jenkins, Redhat 2 Jenkins, Openshift 2024-07-03 4.0 MEDIUM 4.3 MEDIUM
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
CVE-2023-43058 2 Ibm, Redhat 3 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Openshift 2024-02-28 N/A 9.8 CRITICAL
IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.
CVE-2023-35900 3 Ibm, Microsoft, Redhat 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more 2024-02-28 N/A 5.3 MEDIUM
IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.
CVE-2023-38734 3 Ibm, Microsoft, Redhat 3 Robotic Process Automation, Windows, Openshift 2024-02-28 N/A 9.8 CRITICAL
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 is vulnerable to incorrect privilege assignment when importing users from an LDAP directory. IBM X-Force ID: 262481.
CVE-2023-38732 3 Ibm, Microsoft, Redhat 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more 2024-02-28 N/A 4.3 MEDIUM
IBM Robotic Process Automation 21.0.0 through 21.0.7 server could allow an authenticated user to view sensitive information from application logs. IBM X-Force ID: 262289.
CVE-2023-38733 3 Ibm, Microsoft, Redhat 3 Robotic Process Automation, Windows, Openshift 2024-02-28 N/A 4.3 MEDIUM
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 and 23.0.0 through 23.0.1 server could allow an authenticated user to view sensitive information from installation logs. IBM X-Force Id: 262293.
CVE-2023-35901 3 Ibm, Microsoft, Redhat 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more 2024-02-28 N/A 5.3 MEDIUM
IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.
CVE-2023-40370 3 Ibm, Microsoft, Redhat 4 Robotic Process Automation, Robotic Process Automation For Cloud Pak, Windows and 1 more 2024-02-28 N/A 5.3 MEDIUM
IBM Robotic Process Automation 21.0.0 through 21.0.7.1 runtime is vulnerable to information disclosure of script content if the remote REST request computer policy is enabled. IBM X-Force ID: 263470.
CVE-2023-23468 2 Ibm, Redhat 2 Robotic Process Automation, Openshift 2024-02-28 N/A 5.5 MEDIUM
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.
CVE-2023-27540 2 Ibm, Redhat 3 Cloud Pak For Data, Watson Cp4d Data Stores, Openshift 2024-02-28 N/A 7.5 HIGH
IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.
CVE-2022-36769 2 Ibm, Redhat 2 Cloud Pak For Data, Openshift 2024-02-28 N/A 7.2 HIGH
IBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.
CVE-2023-0229 1 Redhat 1 Openshift 2024-02-28 N/A 6.3 MEDIUM
A flaw was found in github.com/openshift/apiserver-library-go, used in OpenShift 4.12 and 4.11, that contains an issue that can allow low-privileged users to set the seccomp profile for pods they control to "unconfined." By default, the seccomp profile used in the restricted-v2 Security Context Constraint (SCC) is "runtime/default," allowing users to disable seccomp for pods they can create and modify.
CVE-2022-43573 3 Ibm, Microsoft, Redhat 5 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak and 2 more 2024-02-28 N/A 5.3 MEDIUM
IBM Robotic Process Automation 20.12 through 21.0.6 is vulnerable to exposure of the name and email for the creator/modifier of platform level objects. IBM X-Force ID: 238678.
CVE-2023-0296 1 Redhat 1 Openshift 2024-02-28 N/A 5.3 MEDIUM
The Birthday attack against 64-bit block ciphers flaw (CVE-2016-2183) was reported for the health checks port (9979) on etcd grpc-proxy component. Even though the CVE-2016-2183 has been fixed in the etcd components, to enable periodic health checks from kubelet, it was necessary to open up a new port (9979) on etcd grpc-proxy, hence this port might be considered as still vulnerable to the same type of vulnerability. The health checks on etcd grpc-proxy do not contain sensitive data (only metrics data), therefore the potential impact related to this vulnerability is minimal. The CVE-2023-0296 has been assigned to this issue to track the permanent fix in the etcd component.
CVE-2022-42439 4 Ibm, Linux, Microsoft and 1 more 6 Aix, App Connect Enterprise, App Connect Enterprise Certified Container and 3 more 2024-02-28 N/A 4.9 MEDIUM
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party system’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.
CVE-2022-3262 1 Redhat 1 Openshift 2024-02-28 N/A 8.1 HIGH
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.
CVE-2023-22592 2 Ibm, Redhat 2 Robotic Process Automation For Cloud Pak, Openshift 2024-02-28 N/A 7.8 HIGH
IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.4 could allow a local user to perform unauthorized actions due to insufficient permission settings. IBM X-Force ID: 244073.