PT-2024-28959 · Nuclei · Nuclei
Name of the Vulnerable Software and Affected Versions: Nuclei versions prior to 3.3.0. Description: A way to execute code templates without the -code option and signature has been discovered in Nuclei. This issue affects some web applications that inherit from Nuclei and allow users to edit and...
The vulnerability of the Auto-attach Option Handler component of the JetBrains YouTrack software for managing projects and tasks allows a hacker to enable the automatic attachment of this option to work processes.
The vulnerability of the Auto-attach Option Handler component in the JetBrains YouTrack project and task management software is related to the absence of authentication. Exploiting this vulnerability allows a malicious actor to enable the automatic attachment option to the workflow processes...
CVE-2024-39700
JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...
CVE-2024-39700 Remote Code Execution (RCE) vulnerability in jupyterlab extension template `update-integration-tests` GitHub Action
JupyterLab extension template is a copier template for JupyterLab extensions. Repositories created using this template with test option include update-integration-tests.yml workflow which has an RCE vulnerability. Extension authors hosting their code on GitHub are urged to upgrade the template to...
CVE-2024-39700
CVE-2024-39700 describes a remote code execution in the JupyterLab extension template copier, specifically in the update-integration-tests.yml workflow of the JupyterLab extension template used to bootstrap projects. The RCE is linked to repositories created with the template’s test option. Affec...
Security Bulletin: Multiple vulnerabilities in IBM Business Automation Workflow Machine Learning Server are addressed with 23.0.2-IF004
Summary In addition to updates to operating system level packages, IBM Business Automation Workflow Machine Learning Server 23.0.2-IF004 addresses the following vulnerabilities. Vulnerability Details CVEID:CVE-2024-35195 DESCRIPTION: Psf Requests could allow a local authenticated attacker to bypa...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-35154)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...
CVE-2024-34689
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...
CVE-2024-34689
The CVE-2024-34689 issue affects SAP Business Workflow’s WebFlow Services. An authenticated attacker can enumerate HTTP endpoints accessible on the internal network by sending specially crafted HTTP requests, leading to information disclosure. The impact is limited to confidentiality (information...
CVE-2024-34689 [CVE-2024-34689] Server-Side Request Forgery in SAP Business Workflow (WebFlow Services)
WebFlow Services of SAP Business Workflow allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in information disclosure. It has no impact on integrity and availability of th...
SAP Business Workflow security vulnerability
SAP Business Workflow is a key component from SAP (Germany) for executing business processes. It allows users to design, implement and manage business processes, ensure process compliance and reduce the need for manual operations through automation. An information disclosure vulnerability exists i...
CVE-2024-37999
A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges...
CVE-2024-37999
The CVE-2024-37999 entry concerns Medicalis Workflow Orchestrator (All versions) running as a trusted high-privilege account. Connected sources corroborate that an authenticated local attacker could escalate privileges; no explicit root-cause details or concrete remediation are provided in the documen...