CVE-2022-0853

HIGH

Redhat Descision Manager - Memory Leak

Title source: rule

Description

A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.

Exploits (2)

nomisec WRITEUP 9 stars

by ByteHackr · poc

https://github.com/ByteHackr/CVE-2022-0853

View Code ZIP pw:eip

gitlab WRITEUP

by bytehackr · poc

https://gitlab.com/bytehackr/CVE-2022-0853

View Code ZIP pw:eip

References (2)

[Issue Tracking, Vendor Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2060725

[Exploit, Third Party Advisory] https://github.com/ByteHackr/CVE-2022-0853

Scores

CVSS v3 7.5

EPSS 0.0131

EPSS Percentile 79.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-401

Status published

Products (5)

redhat/descision_manager 7.0

redhat/jboss_enterprise_application_platform 7.0.0

redhat/jboss_enterprise_application_platform_expansion_pack

redhat/process_automation 7.0

redhat/single_sign-on 7.0

Published Mar 11, 2022

Tracked Since Feb 18, 2026