15 matches found
PT-2026-42770
Directory traversal in Follett Software's Destiny Library Manager 22 0 2 rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter...
PT-2025-5685 · Ibm · Ibm Cloud Pak For Business Automation
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Business Automation versions 18.0.0 through 22.0.2 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...
CVE-2024-43188
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...
PT-2024-27942 · Ibm · Ibm Business Automation Workflow
Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 22.0.2 through 24.0.0 Description: The issue concerns the storage of potentially sensitive information in log files under certain situations, which could be read by an authenticated user. This may lea...
CVE-2023-35899
CVE-2023-35899 affects IBM Cloud Pak for Automation versions 18.0.0 through 22.0.2. The issue is a CSV injection vulnerability caused by improper validation of CSV file contents, enabling a remote attacker to execute arbitrary commands on the system. Affected products/versions (per sources) inclu...
PT-2024-12521 · Ibm · Ibm Cloud Pak For Automation
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Automation versions 18.0.0 through 22.0.2 Description: The issue is caused by improper validation of CSV file contents, allowing a remote attacker to execute arbitrary commands on the system. This can lead to unauthorized...
PT-2024-12715 · Ibm · Ibm Cloud Pak Foundational Services Identity Provider
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak Foundational Services Identity Provider idP API versions 18.0.0 through 22.0.2 Description: The issue allows an unauthenticated attacker to perform CRUD operations using an invalid token, potentially enabling them to view, updat...
CVE-2023-50947
IBM Business Automation Workflow (BBWA) is affected by CVE-2023-50947, a cross-site scripting vulnerability in the Web UI. The NVD/IBM sources indicate affected versions are 22.0.2, 23.0.1, and 23.0.2, with the issue allowing embedding of arbitrary JavaScript in the Web UI and potentially exposin...
IBM Business Automation Workflow Cross-Site Scripting Vulnerability
IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines (IBM). The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. A cross-site scripting vulnerability exists in IBM...
Security Bulletin: IBM Integration Designer is vulnerable to a denial of service due to commons-fileupload-1.4.jar (CVE-2023-24998)
Summary The fix includes a new version of the commons-fileupload jar file that resolves the specified vulnerability. Vulnerability Details CVEID: CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts ...
CVE-2023-22860
IBM Cloud Pak for Business Automation is affected by CVE-2023-22860, a stored cross-site scripting vulnerability that allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. The issue affects multiple releases, including 18.0.x ...
IBM Cloud Pak for Business Automation Cross-Site Scripting Vulnerability
IBM Cloud Pak for Business Automation is a modular set of integrated software components from International Business Machines (IBM), built for any hybrid cloud, designed to automate work and accelerate business growth. IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2,...
IBM Business Automation Workflow Path Traversal Vulnerability
IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines (IBM). The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. A path traversal vulnerability exists in IBM...
CVE-2022-43864
IBM Business Automation Workflow 22.0.2 is affected by a path traversal vulnerability that can be exploited via crafted URLs containing /../. The issue, described as a remote directory traversal, affects IBM Business Automation Workflow traditional and container deployments (22.0.2) and is addres...
net-snmp security update
5.3.2.2-22.0.2.el510.1 - hrProcessorLoad returns incorrect values for CPUs greater than 100 Jason Luan Orabug 17792842 - snmptrapd: Fix crash due to access of freed memory John Haxby orabug 14391194 - suppress spurious asserts on 32bit Greg Marsden 5.3.2.2-20.1 - Fixed CVE-2012-6151: snmpd crashi...