Lucene search

4550 matches found

IBM Security Bulletins
added 2024/08/08 5:11 p.m., 45 views

Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 24.0.0-IF001

Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 24.0.0-IF001 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-6345 DESCRIPTION: pypa/setuptools could allow a remote attacker to execute arbitra...

CVSS 8.8 | AI score 8.1 | EPSS 0.01939
Exploits: 1 | Affected Software: 1

CNVD
added 2024/08/06 12:0 a.m., 8 views

IBM Business Automation Workflow Log Information Disclosure Vulnerability

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. IBM Business Automation Workflow suffers from a lo...

CVSS 6.5 | AI score 5.9 | EPSS 0.00417
Exploits: 0 | References: 1

OSV
added 2024/08/03 2:15 p.m., 2 views

CVE-2024-38321

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868...

CVSS 6.5 | AI score 5.8
Exploits: 0 | References: 2

NVD
added 2024/08/03 2:15 p.m., 19 views

CVE-2024-38321

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868...

CVSS 6.5 | EPSS 0.00417
Exploits: 0 | References: 2

CVE
added 2024/08/03 1:34 p.m., 44 views

CVE-2024-38321

Summary (CVE-2024-38321) : IBM Business Automation Workflow stores potentially sensitive information in log files under certain conditions, which could be read by an authenticated user. This affects IBM Cloud Pak for Business Automation components and traditional/workflow variants (versions inclu...

CVSS 6.5 | AI score 4.8 | EPSS 0.00417
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2024/08/03 1:34 p.m., 19 views

CVE-2024-38321 IBM Business Automation Workflow information disclosure

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868...

CVSS 5.3 | AI score 5.9 | EPSS 0.00417
Exploits: 0 | References: 2

Cvelist
added 2024/08/03 1:34 p.m., 19 views

CVE-2024-38321 IBM Business Automation Workflow information disclosure

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868...

CVSS 5.3 | EPSS 0.00417
Exploits: 0 | References: 2

IBM Security Bulletins
added 2024/08/03 1:5 p.m., 52 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2024-40898, CVE-2024-40725)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

CVSS 9.1 | AI score 6.7 | EPSS 0.04134
Exploits: 5 | Affected Software: 2

IBM Security Bulletins
added 2024/08/03 1:1 p.m., 28 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-33008

Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a...

CVSS 5.3 | AI score 5.6 | EPSS 0.01098
Exploits: 0 | Affected Software: 2

Positive Technologies
added 2024/08/03 12:0 a.m., 9 views

PT-2024-27942 · Ibm · Ibm Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 22.0.2 through 24.0.0 Description: The issue concerns the storage of potentially sensitive information in log files under certain situations, which could be read by an authenticated user. This may lea...

CVSS 6.5 | AI score 7.4 | EPSS 0.00417
Exploits: 0 | References: 7

NVD
added 2024/08/02 3:16 p.m., 20 views

CVE-2024-41127

Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...

CVSS 9.6 | EPSS 0.00825
Exploits: 1 | References: 3

CVE
added 2024/08/02 2:46 p.m., 38 views

CVE-2024-41127

CVE-2024-41127 affects Monkeytype via its GitHub Actions workflow ci-failure-comment.yml. A vulnerability in the workflow’s handling of the artifact variable (./pr_num/pr_num.txt) allows interpolation into a JS script after the value is not validated as a number, enabling an attacker to gain writ...

CVSS 9.6 | AI score 8.6 | EPSS 0.00825
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2024/08/02 2:46 p.m., 36 views

CVE-2024-41127 Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.

Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...

CVSS 8.3 | EPSS 0.00825
Exploits: 1 | References: 3

Vulnrichment
added 2024/08/02 2:46 p.m., 35 views

CVE-2024-41127 Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.

Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...

CVSS 8.3 | AI score 7.6 | EPSS 0.00825
Exploits: 1 | References: 3

OSV
added 2024/08/02 2:46 p.m., 14 views

CVE-2024-41127 Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its `ci-failure-comment.yml` GitHub Workflow, enabling attackers to gain `pull-requests` write access.

Monkeytype is a minimalistic and customizable typing test. Monkeytype is vulnerable to Poisoned Pipeline Execution through Code Injection in its ci-failure-comment.yml GitHub Workflow, enabling attackers to gain pull-requests write access. The ci-failure-comment.yml workflow is triggered when the...

CVSS 8.3 | AI score 7.5 | EPSS 0.00825
Exploits: 1 | References: 5

CNNVD
added 2024/08/02 12:0 a.m., 4 views

Digiwin EasyFlow .NET Security Vulnerability

Digiwin EasyFlow .NET is an enterprise-class workflow management platform from Digiwin. A security vulnerability exists in Digiwin EasyFlow .NET due to a lack of proper access control to a specific feature and the feature does not adequately filter user input, which can be exploited by a remote attacker with regul...

CVSS 6.5 | AI score 6.8 | EPSS 0.00599
Exploits: 0 | References: 3

Veracode
added 2024/07/22 12:39 p.m., 25 views

OS Command Injection

Nuclei is vulnerable to OS Command Injection. The vulnerability is due to the -code option in code templates, allowing users to edit and execute workflow files in some web applications, leading to arbitrary command execution...

CVSS 7.4 | AI score 7.4 | EPSS 0.00311
Exploits: 0 | References: 5 | Affected Software: 1

The Hacker News
added 2024/07/22 11:25 a.m., 16 views

How to Set up an Automated SMS Analysis Service with AI in Tines

The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization's security posture is by building an automated SMS analysis service. Workflow automation platform Tines provides a good example of how to do it...

AI score 6.8
Exploits: 0

CNVD
added 2024/07/19 12:0 a.m., 4 views

SAP Business Workflow Information Disclosure Vulnerability

SAP Business Workflow is a key component for executing business processes from SAP Germany that allows users to design, implement and manage business processes, ensure process compliance and reduce the need for manual operations through automation. An information disclosure vulnerability exists i...

CVSS 5 | AI score 6 | EPSS 0.00353
Exploits: 0 | References: 1

OSV
added 2024/07/17 7:32 p.m., 28 views

GHSA-C3Q9-C27P-CW9H projectdiscovery/nuclei allows unsigned code template execution through workflows

Summary Find a way to execute code template without -code option and signature. Details write a code.yaml: yaml id: code info: name: example code template author: ovi3 code: - engine: - sh - bash source: | id http: - raw: - | POST /re HTTP/1.1 Host: Hostname coderesponse workflows: - matchers: -...

CVSS 8.8 | AI score 7.6 | EPSS 0.00311
Exploits: 0 | References: 3