Emerson OSE Exposure of Sensitive Information to an Unauthorized Actor (CVE-2013-0693)
The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier performs network-beacon broadcasts, which allows remote attackers to obtain potentially sensitive informati...
Emerson OSE Code Injection (CVE-2013-0689)
The TFTP server on the Emerson Process Management ROC800 RTU with software 3.50 and earlier, DL8000 RTU with software 2.30 and earlier, and ROC800L RTU with software 1.20 and earlier allows remote attackers to upload files and consequently execute arbitrary code via unspecified vectors. This plug...
File Upload Vulnerability in Collaborative Office Platform of Microsoft Technology (Hangzhou) Co.
Microsoft Technology Hangzhou Co., Ltd. is a professional ECM Collaboration Management Software and BPM Business Process Management Software R & D and solution provider. A file upload vulnerability exists in the Collaboration Office platform of Microhome Software Technology Hangzhou Co., Ltd, whi...
Pega Infinity patches authentication vulnerability
Security researchers came across a Pega Infinity vulnerability through participation in Apple’s bug bounty program, after focusing on vendors that supplied technology to Apple. By using Burp Suite—an integrated platform for performing security testing of web applications—the security researchers...
[SECURITY] Fedora 34 Update: ksysguard-5.21.3-1.fc34
KDE Process Management application...
Fedora: Security Advisory for ksysguard (FEDORA-2021-85c9774673)
The remote host is missing an update for the...
Micro Focus Solutions Business Manager Cross-Site Scripting Vulnerability (CNVD-2021-18312)
Micro Focus Solutions Business Manager (SBM, Serena Business Manager) is a suite of business process automation management solutions from Micro Focus UK. The product is mainly used for process automation, including software development lifecycle and IT business process management. A cross-site...
Important: Red Hat Security Advisory: Red Hat Process Automation Manager 7.10.0 security update
An update is now available for Red Hat Process Automation Manager. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the C...
Oracle Business Process Management Suite (Jan 2021 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by the following vulnerabilities as referenced in the January 2021 CPU advisory: - An XML External Entity (XXE) vulnerability exists in the dom4j library which allows DTDs and external entities by...
Oracle Business Process Management Suite (Oct 2020 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by the following vulnerabilities as referenced in the October 2020 CPU advisory: - Vulnerability in the Runtime Engine Application Development Framework. An unauthenticated, remote attacker with netwo...
Security Bulletin: Atlas eDiscovery Process Management (6.0.1.x and 6.0.2.x versions) is affected by a vulnerable Apache Commons Beanutils in WebSphere Application Server
Abstract: This Fix Readme includes instructions for upgrading the Apache Commons Beanutils jar to v1.9.4 for Atlas eDiscovery Process Management 6.0.1.x and 6.0.2.x versions. Content: PSIRT details: PRID: PVR0203016, Advisory ADV0020809 - Apache Commons Beanutils Vulnerability CVEID: CVE-2019-10086 CV...
The vulnerability of the Process Management component of the Oracle GoldenGate data flow management tool allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the Process Management component of the Oracle GoldenGate data flow management tool is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the integrity, availability, and confidentiality o...
CVE-2020-14705
Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). The supported version that is affected is prior to 19.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the...
Buffer overflow
Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). The supported version that is affected is prior to 19.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the...
CVE-2020-14705
CVE-2020-14705 affects Oracle GoldenGate (Process Management) before version 19.1.0.0.0. The vulnerability allows an unauthenticated attacker with access to the physical communication segment attached to the hardware running GoldenGate to compromise it, potentially taking over the Oracle GoldenGa...
CVE-2020-15367
Venki Supravizio BPM 10.1.2 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page...
Oracle Business Process Management Installed
Binary data oraclebpminstalled.nbin...
Security Bulletin: Atlas eDiscovery Process Management is affected by a vulnerable Apache Commons Beanutils in WebSphere Application Server
Summary: In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however, were not using this by default characteristic of the...
xstream: remote code execution due to insecure XML deserialization (regression of CVE-2013-7285)
It was found that xstream API version 1.4.10 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. This is a regression of...