4550 matches found

Cvelist
added 2024/07/08 10:29 a.m. · 15 views

CVE-2024-37999

A vulnerability has been identified in Medicalis Workflow Orchestrator All versions. The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges...

8.5 CVSS · 0.00138 EPSS
Exploits: 0 · References: 1

IBM Security Bulletins
added 2024/07/08 7:38 a.m. · 23 views

Security Bulletin: A cross-site scripting vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-35153)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

4.8 CVSS · 5.2 AI score · 0.00362 EPSS
Exploits: 0 · Affected Software: 2

CNNVD
added 2024/07/08 12:0 a.m. · 4 views

Medicalis Workflow Orchestrator Security Breach

Siemens Medicalis Workflow Orchestrator is a workflow orchestrator from Siemens Germany. It can be used as a common platform to standardize the workflow of radiologists. A security vulnerability exists in all versions of Medicalis Workflow Orchestrator that stems from the application executing as...

8.5 CVSS · 6.4 AI score · 0.00138 EPSS
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/08 12:0 a.m. · 4 views

PT-2024-27872 · Unknown · Medicalis Workflow Orchestrator

Name of the Vulnerable Software and Affected Versions: Medicalis Workflow Orchestrator All versions Description: A vulnerability has been identified in the affected application, which executes as a trusted account with high privileges and network access. This could allow an authenticated local...

8.5 CVSS · 6.8 AI score · 0.00138 EPSS
Exploits: 0 · References: 10

IBM Security Bulletins
added 2024/07/04 12:59 p.m. · 25 views

Security Bulletin: Denial of Service vulnerabilities in Apache Commons Compress affect IBM Business Automation Workflow - CVE-2024-25710, CVE-26308

Summary IBM Business Automation Workflow is vulnerable to denial of service attacks. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP file,...

8.1 CVSS · 6.6 AI score · 0.00898 EPSS
Exploits: 0 · Affected Software: 2

IBM Security Bulletins
added 2024/07/04 12:48 p.m. · 15 views

Security Bulletin: Vulnerability affects IBM Business Automation Workflow - CVE-2024-37528

Summary IBM Business Automation Workflow Center is vulnerable to a Cross-Site Scripting attack. Vulnerability Details CVEID:CVE-2024-37528 DESCRIPTION: IBM CP4BA - Business Automation Studio Component is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed...

5.4 CVSS · 5.3 AI score · 0.00259 EPSS
Exploits: 0 · Affected Software: 2

IBM Security Bulletins
added 2024/07/04 12:41 p.m. · 26 views

Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - Apr 2024 CPU

Summary IBM Business Automation Workflow containers package IBM® Java SDK 8 V21.0.3 or IBM® Semeru Runtime 17 V23.0.2. Information about security vulnerabilities in these Java runtimes has been published. IBM Business Automation Workflow includes IBM Java 8. Vulnerability Details...

7.5 CVSS · 6.7 AI score · 0.01361 EPSS
Exploits: 0 · Affected Software: 2

IBM Security Bulletins
added 2024/07/04 12:38 p.m. · 17 views

Security Bulletin: Weaker than expected security vulnerability affects IBM Business Automation Workflow - CVE-2024-22354

Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...

7 CVSS · 7.3 AI score · 0.00649 EPSS
Exploits: 0 · Affected Software: 2

GithubExploit
added 2024/07/04 9:24 a.m. · 494 views

Exploit for CVE-2024-39211

CVE-2024-39211 Kaiten User Enumeration Kaitenhttps://kait...

5.3 CVSS · 6.5 AI score · 0.01146 EPSS
Exploits: 1

Veracode
added 2024/07/03 6:52 a.m. · 11 views

Improper Enforcement Of Behavioral Workflow

aimeos/ai-controller-frontend is vulnerable to Improper Enforcement of Behavioral Workflow. The vulnerability is due to not resetting the payment status of a user's basket after the user completes a purchase...

5.3 CVSS · 7 AI score · 0.0043 EPSS
Exploits: 0 · References: 6 · Affected Software: 1

Cvelist
added 2024/07/01 9:5 p.m. · 29 views

CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods

trunk.cocoapods.org is the authentication server for the CocoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...

9.3 CVSS · 0.14851 EPSS
Exploits: 0 · References: 5

Malwarebytes
added 2024/07/01 7:9 a.m. · 10 views

A week in security (June 24 – June 30)

Last week on Malwarebytes Labs: TEMU sued for being "dangerous malware" by Arkansas Attorney General Driving licences and other official documents leaked by authentication service used by Uber, TikTok, X, and more "Poseidon" Mac stealer distributed via Google ads Federal Reserve "breached" data m...

7.4 AI score
Exploits: 0

IBM Security Bulletins
added 2024/06/28 3:0 p.m. · 16 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2024-37532)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

8.8 CVSS · 8.5 AI score · 0.00353 EPSS
Exploits: 0 · Affected Software: 2

The Hacker News
added 2024/06/27 6:45 a.m. · 54 views

Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135...

9.8 CVSS · 8.2 AI score · 0.90067 EPSS
Exploits: 5

BDU FSTEC
added 2024/06/27 12:0 a.m. · 5 views

The vulnerability of the software for FileCatalyst Workflow’s file exchange mechanism lies in the lack of protective measures for the SQL query structure, allowing attackers to exploit their privileges.

The vulnerability of the FileCatalyst Workflow file sharing software relates to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to enhance their privileges by injecting specially crafted SQL queries...

10 CVSS · 8.1 AI score · 0.90067 EPSS
Exploits: 5 · References: 4

Tenable Nessus
added 2024/06/27 12:0 a.m. · 19 views

Fortra FileCatalyst Workflow SQLi (CVE-2024-5276) (Version Check)

The version of Fortra FileCatalyst Workflow running on the remote host is prior to 5.1.6 Build 139. It is, therefore, affected by a SQL injection vulnerability. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

9.8 CVSS · 8.6 AI score · 0.90067 EPSS
Exploits: 5 · References: 3

NVD
added 2024/06/25 8:15 p.m. · 42 views

CVE-2024-5276

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8 CVSS · 0.90067 EPSS
Exploits: 5 · References: 3

Vulnrichment
added 2024/06/25 7:13 p.m. · 26 views

CVE-2024-5276 SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier)

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8 CVSS · 8.3 AI score · 0.90067 EPSS
Exploits: 5 · References: 3

Cvelist
added 2024/06/25 7:13 p.m. · 39 views

CVE-2024-5276 SQL Injection Vulnerability in FileCatalyst Workflow 5.1.6 Build 135 (and earlier)

A SQL Injection vulnerability in Fortra FileCatalyst Workflow allows an attacker to modify application data. Likely impacts include creation of administrative users and deletion or modification of data in the application database. Data exfiltration via SQL injection is not possible using this...

9.8 CVSS · 0.90067 EPSS
Exploits: 5 · References: 3

OSSF Malicious Packages
added 2024/06/25 1:6 p.m. · 5 views

Malicious code in u-workflow.module.common.project-config (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits: 0