CVE-2022-2457
CRITICALRed Hat Process Automation Manager < 7.13.2 - Unauthenticated Brute Force Attack via Administration Console
Title source: llmDescription
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=2107990#c0
Scores
CVSS v3
9.8
EPSS
0.0021
EPSS Percentile
43.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-307
Status
published
Products (1)
redhat/process_automation_manager
< 7.13.2
Published
Aug 10, 2022
Tracked Since
Feb 18, 2026