4549 matches found
CVE-2024-5731
CVE-2024-5731 affects Trellix IPS Manager, Central Manager, and Local Manager communications. The vulnerability arises from the request flow where an attacker can manipulate a parameter to change the destination of a request, exposing sensitive information. Current documents provide high-level im...
Security Bulletin: Spring vulnerability in embedded components may affect IBM Business Automation Workflow - CVE-2024-22243
Summary IBM Business Automation Workflow is vulnerable to an open redirect attack. Vulnerability Details CVEID:CVE-2024-22243 DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability when using UriComponentsBuild...
SUSE CVE-2024-4253
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2023-51775
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-51775 DESCRIPTION: jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could exploit...
CVE-2024-4254
The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it...
CVE-2024-4254 Secrets Exfiltration in gradio-app/gradio
The 'deploy-website.yml' workflow in the gradio-app/gradio repository, specifically in the 'main' branch, is vulnerable to secrets exfiltration due to improper authorization. The vulnerability arises from the workflow's explicit checkout and execution of code from a fork, which is unsafe as it...
CVE-2024-4253 Command Injection in gradio-app/gradio
A command injection vulnerability exists in the gradio-app/gradio repository, specifically within the 'test-functional.yml' workflow. The vulnerability arises due to improper neutralization of special elements used in a command, allowing for unauthorized modification of the base repository or...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2024-25710, CVE-2024-26308
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an infinite loop flaw. By persuading a victim to open a specially crafted DUMP file...
Security Bulletin: Multiple vulnerabilities in eclipse jetty affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow packages a vulnerable version of the eclipse jetty library. Vulnerability Details CVEID:CVE-2020-27216 DESCRIPTION: Eclipse Jetty could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition in the creati...
Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2024-27270
Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a cross-site...
Security Bulletin: Multiple vulnerabilities in angular.js affect IBM Business Automation Workflow.
Summary IBM Business Automation Workflow packages a vulnerable copy of angular.js. Vulnerability Details CVEID:CVE-2023-26117 DESCRIPTION: AngularJS is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the $resource service. By providing...
Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2024-22353
Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...
Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-22329
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2023-50312
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
Security Bulletin: Weaker than expected security vulnerability affect IBM Business Automation Workflow - CVE-2024-25026
Summary IBM WebSphere Application Server Liberty profile is shipped with Process Federation Server and User Management Services in IBM Business Automation Workflow traditional. IBM Business Automation Workflow containers build upon IBM WebSphere Liberty profile. Information about a security...
Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501
Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details CVEID:CVE-2024-28849 DESCRIPTION: Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the leakage...
Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2024-27268
Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...