Description of the security update for SharePoint Server Subscription Edition: September 10, 2024 (KB5002640)
Description of the security update for SharePoint Server Subscription Edition: September 10, 2024 KB5002640 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability, and Microsoft SharePoint Server denial of service vulnerability. To learn more about...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF002
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF002 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-5569 DESCRIPTION: zipp is vulnerable to a denial of service, caused by an infinite...
Fortra FileCatalyst Workflow HSQLDB Static Password (CVE-2024-6633)
Binary data fortrafilecatalystworkflowcve-2024-6633.nbin...
Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 are affected by multiple vulnerabilities
Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2024 Critical Patch Update, plus CVE-2024-27267. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed i...
Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability
Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain administrative access. The vulnerability, tracked as CVE-2024-6633, carries a CVSS score of 9.8, and stems from the use of a static password to connect to a HSQL databas...
CVE-2024-6633
The default credentials for the setup HSQL database HSQLDB for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
CVE-2024-6632
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...
CVE-2024-6632 SQL Injection in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack which can lead to a loss of confidentiality, integrity, and availability...
CVE-2024-6632
CVE-2024-6632 is a SQL injection vulnerability in FileCatalyst Workflow (versions 5.1.6 and earlier) exploitable via a field accessible to the super admin, leading to potential loss of confidentiality, integrity, and availability. Root cause: insufficient input validation in a form submission dur...
CVE-2024-6633
CVE-2024-6633 affects FileCatalyst Workflow prior to 5.1.7 where the setup HSQLDB uses default credentials. The issue stems from a publicly published default password that enables remote access to the HSQLDB (default TCP port 4406), potentially allowing an attacker to gain admin privileges and ac...
CVE-2024-6633 Insecure Default in FileCatalyst Workflow 5.1.6 Build 139 (and earlier)
The default credentials for the setup HSQL database HSQLDB for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to a compromise of confidentiality, integrity, or availability of the software. The HSQLDB is only included to facilitate...
FileCatalyst Workflow Security Vulnerability
FileCatalyst Workflow is a browser-based large file transfer solution from FileCatalyst, Inc. A security vulnerability exists in FileCatalyst Workflow that originates from an SQL injection attack that can be executed by a user with super administrator privileges...
FileCatalyst Workflow Trust Management Issue Vulnerability
FileCatalyst Workflow is a browser-based large file transfer solution from FileCatalyst, Inc. A security vulnerability exists in FileCatalyst Workflow that stems from default credentials having been published in a vendor knowledge base article...
PT-2024-37762 · Filecatalyst · Filecatalyst Workflow
Name of the Vulnerable Software and Affected Versions: FileCatalyst Workflow versions up to 5.1.6 Build 139 Description: The default credentials for the setup HSQL database HSQLDB for FileCatalyst Workflow are published in a vendor knowledgebase article. Misuse of these credentials could lead to ...
PT-2024-37761 · Unknown · Filecatalyst Workflow
Name of the Vulnerable Software and Affected Versions: FileCatalyst Workflow versions 5.1.6 and earlier Description: A vulnerability exists in FileCatalyst Workflow whereby a field accessible to the super admin can be used to perform an SQL injection attack, which can lead to a loss of...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2023-50315)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...