35 matches found
GHSA-3MFQ-FP2F-VWQH Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...
CVE-2024-38002
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote...
CVE-2024-38002
The CVE-2024-38002 issue affects Liferay Portal and Liferay DXP, where the workflow component does not properly enforce permission checks when updating a workflow definition via the headless API. This allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE...
PT-2024-27874
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.4.3.111; Liferay DXP versions 2023.Q4.0 through 2023.Q4.5; Liferay DXP versions 2023.Q3.1 through 2023.Q3.8; Liferay DXP 7.4 GA through update 92; Liferay DXP 7.3 GA through update 36. Description: The workflo...
PT-2024-3435 · Oracle · PeopleSoft Enterprise PeopleTools
Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise PeopleTools versions 8.59 through 8.61. Description: The issue exists due to insufficient input validation in the Workflow component of Oracle PeopleSoft Enterprise PeopleTools. This allows a remote attacker to gain read,...
The vulnerability of the Worklist sub-component of the Workflow component in the Oracle E-Business Suite allows a malicious individual to gain unauthorized access to protected information.
The vulnerability of the Worklist sub-component of the Workflow component in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information using the...
CVE-2020-17542
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin//c/workflow" component...
Cross site scripting
Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to execute arbitrary code by injecting a malicious payload into the "Task Detail" comment window of the "/dotAdmin//c/workflow" component...
JetBrains YouTrack Server-Side Request Forgery Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A server-side request forgery vulnerability exists in the workflow component of JetBrains...
CVE-2020-15823
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component...
Design/Logic Flaw
JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component...
The vulnerability of the Workflow component of the Oracle PeopleSoft Enterprise PeopleTools business application package allows a perpetrator to gain unauthorized access to protected data.
The vulnerability of the Workflow component of the Oracle PeopleSoft Enterprise PeopleTools business application is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the HTTP...