217 matches found
Conductor vulnerable to OS command injection through unrestricted access to Java classes
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...
GHSA-8GQP-HR9G-PG62 Conductor vulnerable to OS command injection through unrestricted access to Java classes
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...
Arbitrary Code Injection
Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the ScriptEvaluator process. An attacker can execute arbitrary operating system commands by injecting malicious JavaScript code. Remediation: Upgrade org.conductoross:java-sdk to version 3.21.13 or higher...
CVE-2025-26074
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...
CVE-2025-26074
Orkes Conductor v3.21.11 is affected. The issue arises from unrestricted access to Java classes, enabling remote command execution via the ScriptEvaluator path (inline JavaScript injection). Impact is OS command execution with high severity per CVSS, with network attack vector and no user interac...
Conductor Security Vulnerability
Conductor is an event-driven orchestration platform for the Orkes community. A security vulnerability exists in Conductor version v3.21.11, which stems from unrestricted access to Java classes and could lead to the execution of arbitrary OS commands...
PT-2025-27453 · Orkes · Orkes Conductor
Name of the Vulnerable Software and Affected Versions: Orkes Conductor version 3.21.11 Description: The issue allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes. This can lead to remote code execution in Orkes Conductor. Recommendations: Update to...
DEBIAN-CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
UBUNTU-CVE-2025-44021
OpenStack Ironic before 29.0.1 can write unintended files to a target node disk during image handling if a deployment was performed via the API. A malicious project assigned as a node owner can provide a path to any local file readable by ironic-conductor, which may then be written to the target...
Security Bulletin: Apache Log4j vulnerability (CVE-2021-4422) addressed in IBM Watson Machine Learning Accelerator
Summary: Apache Log4j, which is used by and included with IBM Watson Machine Learning Accelerator, contains security vulnerability issue CVE-2021-44228. This bulletin provides mitigations for the Log4Shell vulnerability CVE-2021-44228 by applying workaround steps to IBM Watson Machine Learning...
The vulnerability of the application software interfaces of Session Smart Router and WAN Assurance, Session Smart Conductor, relates to bypassing the authentication process by using an alternative path or channel. This allows a perpetrator to gain full control over the device.
The vulnerability of the Application Programming Interface of routers like Session Smart Router and WAN Assurance, Session Smart Conductor, lies in the ability to bypass authentication procedures by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor,...
CVE-2025-27084
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the...
PT-2025-6925
Name of the Vulnerable Software and Affected Versions: Juniper Networks Session Smart Router versions 5.6.7 through 5.6.16; Juniper Networks Session Smart Router versions 6.0.8; Juniper Networks Session Smart Router versions 6.1 through 6.1.11-lts; Juniper Networks Session Smart Router versions 6.2...
Malicious code in conductor-utils (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware debe53d4542ba37ede81c11f2616cddddf8770ea090f4b3d16482b831a489937 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Juniper Networks Releases Critical Security Update for Routers
Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication bypass in some of its routers. The vulnerability, tracked as CVE-2024-2973, carries a CVSS score of 10.0, indicating maximum severity. "An Authentication Bypass Usin...
CVE-2024-2973
An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router or conductor running with a redundant peer allows a network based attacker to bypass authentication and take full control of the device. Only routers or conductors that are running i...