Security Bulletin: Denial of Service vulnerability in WebSphere Liberty affects IBM Business Automation Workflow - CVE-2023-51775

Summary IBM WebSphere Application Server Liberty profile is shipped with IBM Business Automation Workflow components User Management Service and Process Federation Service. Liberty is also used in containerized versions of IBM Business Automation Workflow. Liberty is vulnerable to a denial of...

GHSA-QQ99-P57R-G3V7 code injection vulnerability exists in the huggingface/text-generation-inference repository

A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the autodocs.yml workflow file. The vulnerability arises from the insecure handling of the github.headref user input, which is used to dynamically construct a command for installing ...

IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2024-25255)

IBM Engineering Workflow Management is an enterprise-level engineering workflow management system that provides process management, task assignment, and more. A cross-site scripting vulnerability exists in IBM Engineering Workflow Management versions 7.0.2 and 7.0.3 that stems from insufficient...

CVE-2024-28793

IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVE-2024-28793

IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVE-2024-28793 IBM Engineering Workflow Management cross-site scripting

IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVE-2024-28793 IBM Engineering Workflow Management cross-site scripting

IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

IBM Engineering Workflow Management 跨站脚本漏洞

IBM Engineering Workflow Management is an enterprise-level engineering workflow management system that provides process management, task assignment, and more. A cross-site scripting vulnerability exists in IBM Engineering Workflow Management versions 7.0.2 and 7.0.3 that stems from insufficient...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2024-28793

Summary Vulnerability CVE-2024-28793 affects the Team Concert Git plugin of IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2024-28793 DESCRIPTION: IBM Engineering Workflow Management is vulnerable to stored cross-site scripting. Under certain configurations, this...

Progress Software Progress MOVEit Automation 安全漏洞

Progress Software Progress MOVEit Automation is a suite of hosted file transfer software from Progress Software, USA. The software supports features such as sensitive data transfer and workflow automation. A security vulnerability exists in Progress Software Progress MOVEit Automation that stems...

Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-38264)

Summary Vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVE. Vulnerability Details CVEID:CVE-2023-38264 DESCRIPTION: The IBM SDK, Java Technology Edition's Object Request Broker ORB 7.1.0.0 through...

eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)

There is an XSS vulnerability in CKEditor, which is used by AlloyEditor, which is used in eZ Platform Admin UI. Scripts can be injected through specially crafted "protected" comments. We are not sure it is exploitable in eZ Platform, but recommend installing it to be on the safe side. It is fixed...

Fortra FileCatalyst Workflow Path Traversal (CVE-2024-25153)

Binary data fortrafilecatalystworkflowcve-2024-25153.nbin...

Fortra FileCatalyst Workflow Detection

Binary data fortrafilecatalystworkflowdetect.nbin...

DigiWin EasyFlow .NET SQL注入漏洞

Digiwin DigiWin EasyFlow .NET is an enterprise-level workflow management WFM platform from Digiwin Software Taiwan, China. NET suffers from a SQL injection vulnerability that stems from a lack of validation of certain input parameters, which could allow a remote attacker to inject arbitrary SQL...

The vulnerability of the Workflow component of the Oracle PeopleSoft Enterprise PeopleTools business application allows a perpetrator to gain read, modify, add, or delete access to data.

The vulnerability of the Workflow component of the Oracle PeopleSoft Enterprise PeopleTools business application exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using...

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +7649 more potentially affected by CVE-2024-29857 via org.bouncycastle:bcprov-jdk18on (>=1.71 <=1.77)

org.bouncycastle:bcprov-jdk18on MAVEN version =1.71, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.4.0, =1.2.0, =1.2.0-alpha07, =2023.12.01.210510-f61f157, =2023.12.01.210510-f61f157, =2025.05.12.160240-6152e21 and more Source cves: CVE-2024-29857 Source...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability (CVE-2024-22354)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity XXE injection vulnerability. Following IBM® Engineering Lifecycle Engineering products, exposed to this vulnerability, are been addressed in this bulletin: Jazz Foundatio...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service (CVE-2024-25026)

Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. The following IBM®...

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor repackages a vulnerable version of Node.js and express. Vulnerability Details CVEID:CVE-2024-27982 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by the use of content length obfuscation in the http server. By...