Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

automation_manager

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

6
Related CVEsRelated VendorsRelated AssignersReports
0Vulnerabilities found
CVE-2023-37244
Assigner-Google LLC
ShareView Details
Assigner-Google LLC
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.36%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 13:21
Updated-22 Jul, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in N-Able's AutomationManagerAgent

The affected AutomationManager.AgentService.exe application contains a TOCTOU race condition vulnerability that allows standard users to create a pseudo-symlink at C:\ProgramData\N-Able Technologies\AutomationManager\Temp, which could be leveraged by an attacker to manipulate the process into performing arbitrary file deletions. We recommend upgrading to version 2.91.0.0

Action-Not Available
Vendor-n-ableN-Ablen-ableMicrosoft Corporation
Product-automation_managerwindowsAutomationManagerAgentautomation_manager_agent
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2018-12022
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.18% / 86.44%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 18:14
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectOracle CorporationFasterXML, LLC.Red Hat, Inc.
Product-single_sign-ondebian_linuxjackson-databindautomation_manageropenshift_container_platformfedorajboss_brmsjboss_enterprise_application_platformretail_merchandising_systemjd_edwards_enterpriseone_toolsdecision_managern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-12023
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.90% / 89.18%
||
7 Day CHG~0.00%
Published-17 Mar, 2019 | 17:57
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Oracle JDBC jar in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectOracle CorporationFasterXML, LLC.Red Hat, Inc.
Product-single_sign-ondebian_linuxjackson-databindautomation_manageropenshift_container_platformfedorajboss_brmsjboss_enterprise_application_platformretail_merchandising_systemjd_edwards_enterpriseone_toolsdecision_managern/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-19360
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.78% / 90.92%
||
7 Day CHG~0.00%
Published-02 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the axis2-transport-jms class from polymorphic deserialization.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle CorporationFasterXML, LLC.Debian GNU/Linux
Product-primavera_p6_enterprise_project_portfolio_managementdebian_linuxprimavera_unifierjackson-databindautomation_managerjboss_bpm_suiteopenshift_container_platformjboss_brmsretail_workforce_management_softwarewebcenter_portaldecision_managerbusiness_process_management_suiten/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-19361
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-4.06% / 88.07%
||
7 Day CHG~0.00%
Published-02 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the openjpa class from polymorphic deserialization.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle CorporationFasterXML, LLC.Debian GNU/Linux
Product-primavera_p6_enterprise_project_portfolio_managementdebian_linuxprimavera_unifierjackson-databindautomation_managerjboss_bpm_suiteopenshift_container_platformjboss_brmsretail_workforce_management_softwarewebcenter_portaldecision_managerbusiness_process_management_suiten/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2018-19362
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-6.78% / 90.92%
||
7 Day CHG~0.00%
Published-02 Jan, 2019 | 18:00
Updated-05 Aug, 2024 | 11:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

FasterXML jackson-databind 2.x before 2.9.8 might allow attackers to have unspecified impact by leveraging failure to block the jboss-common-core class from polymorphic deserialization.

Action-Not Available
Vendor-n/aRed Hat, Inc.Oracle CorporationFasterXML, LLC.Debian GNU/Linux
Product-primavera_p6_enterprise_project_portfolio_managementdebian_linuxprimavera_unifierjackson-databindautomation_managerjboss_bpm_suiteopenshift_container_platformjboss_brmsretail_workforce_management_softwarewebcenter_portaldecision_managerbusiness_process_management_suiten/a
CWE ID-CWE-502
Deserialization of Untrusted Data