Security Bulletin: IBM Master Data Management vulnerable to a denial of service vulnerability from jose4j in IBM Business Automation Workflow
Summary IBM Master Data Management v14.0 is vulnerable to a denial of service vulnerability from jose4j in IBM Business Automation Workflow. jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could exploit...
Security Bulletin: IBM Master Data Management Server vulnerable to a denial of service from IBM Business Workflow Automation Event Emitters using snappy
Summary IBM Master Data Management version 14.0 is vulnerable to a denial of service from a package of snappy being used in IBM Business Workflow Automation Event Emitters. snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a speciall...
CVE-2024-51735
Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdow...
CVE-2024-51735 Stored Cross-site Scripting to RCE on Osmedeus Web Server
Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdow...
CVE-2024-51735
CVE-2024-51735 affects Osmedeus Web Server. The issue is a Stored XSS in the web UI when viewing workflow results, where unfiltered content in the generated HTML/Markdown reports can execute commands on the host. The root cause is improper filtering of file contents used in the report generation ...
GHSA-WVV7-WM5V-W2GV Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Summary XSS occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. Details When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the...
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Summary XSS occurs on the Osmedeus web server when viewing results from the workflow, allowing commands to be executed on the server. Details When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the...
Eval Injection
Overview agentscope is an AgentScope: A Flexible yet Robust Multi-Agent Platform. Affected versions of this package are vulnerable to Eval Injection via the result = evals field of the iscallableexpression function in the agentscope\web\workstation\workflowutils.py file. An attacker can execute...
GHSA-6P55-QR3J-MPGQ AgentScope uses `eval`
In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...
CVE-2024-48050
In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...
PYSEC-2024-262
In agentscope =v0.0.4, the file agentscope\web\workstation\workflowutils.py has the function iscallableexpression. Within this function, the line result = evals poses a security risk as it can directly execute user-provided commands...
CVE-2024-10617
A vulnerability classified as critical was found in Tongda OA up to 11.10. This vulnerability affects unknown code of the file /pda/workflow/checkseal.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the publi...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office (OA) system from China Tongda (TONGDA). TONGDA Office Anywhere suffers from a SQL injection vulnerability in the saleId parameter of the /pda/workflow/webSignSubmit.php page...
TONGDA Office Anywhere SQL Injection Vulnerability
TONGDA Office Anywhere is a collaborative office (OA) system from China Tongda (TONGDA). TONGDA Office Anywhere suffers from a SQL injection vulnerability in the ID parameter of the /pda/workflow/checkseal.php page...
Announcing TotalCloud Attack Path, Cloud Workflow Automation, and 3-Step Simplified User Onboarding for Qualys TotalCloud CNAPP
The shift of business applications and infrastructure to the cloud has heightened the need for security teams to manage cyber risks comprehensively, ensuring visibility and control across diverse cloud environments. As organizations increasingly adopt multi-cloud environments, they often find...
The essential steps for cloud vulnerability management
Prioritizing vulnerabilities in the cloud can be overwhelming - Learn how teams adopt a workflow structured for speed and accuracy...
Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - July 2024 CPU
Summary IBM Business Automation Workflow containers package IBM® Java SDK 8 V21.0.3 or IBM® Semeru Runtime 17 V24.0.0. Information about security vulnerabilities in these Java runtimes has been published. IBM Business Automation Workflow includes IBM Java 8. Vulnerability Details...
Security Bulletin: Vulnerability in dojo affects IBM Business Automation Workflow - CVE-2021-23450
Summary IBM Business Automation Workflow packages an outdated version of dojo. A security fix addressing CVE-2021-23450 has been backported to this version. Vulnerability Details CVEID: CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a...
CVE-2024-47827
A flaw was found in Argo Workflows. Due to a race condition in a global variable, the Argo Workflows controller can crash on command by any user with access to execute a workflow, which can lead to a denial of service...