
4547 matches found

IBM Security Bulletins
added 2024/04/10 11:45 a.m. | 26 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2023-51775)

Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...

CVSS 6.5 | AI score 6.8 | EPSS 0.00879
Exploits: 1 | Affected Software: 2

Saint
added 2024/04/08 12:0 a.m. | 144 views

FileCatalyst Workflow ftpservlet file upload

Added: 04/08/2024. Background: FileCatalyst Workflow is a managed file transfer product. Problem: The ftpservlet component in the FileCatalyst Workflow web portal is affected by a directory traversal vulnerability which could allow an anonymous user to upload files to arbitrary locations. This leads...

CVSS 9.8 | AI score 9.8 | EPSS 0.41741
Exploits: 4

Saint
added 2024/04/08 12:0 a.m. | 238 views

FileCatalyst Workflow ftpservlet file upload

Added: 04/08/2024. Background: FileCatalyst Workflow is a managed file transfer product. Problem: The ftpservlet component in the FileCatalyst Workflow web portal is affected by a directory traversal vulnerability which could allow an anonymous user to upload files to arbitrary locations. This leads...

CVSS 9.8 | AI score 9.8 | EPSS 0.41741
Exploits: 4

IBM Security Bulletins
added 2024/04/04 1:25 p.m. | 29 views

Security Bulletin: Denial of service vulnerability in Johnzon affects IBM Business Automation Workflow - CVE-2023-33008

Summary: IBM Business Automation Workflow is vulnerable to a denial of service attack. Vulnerability Details: CVEID: CVE-2023-33008. DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially crafted JSON input, a...

CVSS 5.3 | AI score 5.6 | EPSS 0.01098
Exploits: 0 | Affected Software: 2

Veracode
added 2024/04/04 9:38 a.m. | 75 views

Denial Of Service (DoS)

Temporal Server is vulnerable to Denial of Service (DoS). The vulnerability is caused by an authenticated user with permissions to interact with workflows submitting an invalid UTF-8 string which causes an application crash. This can lead to stuck tasks in the queue, increased queue lag, resource...

CVSS 4.4 | AI score 6.6 | EPSS 0.00487
Exploits: 0 | References: 5 | Affected Software: 1

IBM Security Bulletins
added 2024/04/04 9:35 a.m. | 40 views

Security Bulletin: Insecure XML parsing vulnerability affects IBM Business Automation Workflow - CVE-2014-0107, CVE-2022-34169

Summary: IBM Business Automation Workflow reintroduced an outdated version of the Xalan library. Vulnerability Details: CVEID: CVE-2014-0107. DESCRIPTION: Apache Xalan-Java could allow a remote attacker to bypass security restrictions, caused by the improper handling of output properties. An attacker...

CVSS 7.5 | AI score 8.2 | EPSS 0.17673
Exploits: 4 | Affected Software: 2

GitHub Security Blog
added 2024/04/04 12:33 a.m. | 28 views

Temporal Server Denial of Service

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

CVSS 4.4 | AI score 4.5 | EPSS 0.00487
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2024/04/03 10:15 p.m. | 4 views

CVE-2024-2689

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

CVSS 4.4 | AI score 5.8 | EPSS 0.00487
Exploits: 0 | References: 1

NVD
added 2024/04/03 10:15 p.m. | 22 views

CVE-2024-2689

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

CVSS 4.4 | AI score 4.6 | EPSS 0.00487
Exploits: 0 | References: 1

Cvelist
added 2024/04/03 9:13 p.m. | 29 views

CVE-2024-2689 Denial of Service if invalid UTF-8 sent

Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid...

CVSS 4.4 | AI score 4.9 | EPSS 0.00487
Exploits: 0 | References: 1

Veracode
added 2024/04/03 5:51 a.m. | 18 views

Cross-Site Scripting (XSS)

github.com/temporalio/ui-server is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to improper sanitization of signal names, allowing an attacker to inject a script that executes when a victim views the signal in the timeline page displaying the workflow execution details...

CVSS 4.3 | AI score 6.4 | EPSS 0.00394
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2024/04/03 12:0 a.m. | 2 views

Temporal Server Security Vulnerability

Temporal Server is a microservices orchestration platform from Temporal. A security vulnerability exists in Temporal Server versions prior to 1.20.5, 1.21.6, and 1.22.7, which stems from a vulnerability that allows an attacker to interact with a workflow and craft invalid UTF-8 strings for...

CVSS 4.4 | AI score 5.5 | EPSS 0.00487
Exploits: 0 | References: 3

GitHub Security Blog
added 2024/04/02 6:31 p.m. | 24 views

Temporal UI Server cross-site scripting vulnerability

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

CVSS 4.3 | AI score 6 | EPSS 0.00394
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2024/04/02 6:31 p.m. | 15 views

GHSA-8F25-W7QJ-R7HC Temporal UI Server cross-site scripting vulnerability

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

CVSS 4.3 | AI score 4.2 | EPSS 0.00394
Exploits: 0 | References: 3

IBM Security Bulletins
added 2024/04/02 5:24 p.m. | 35 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2023-50313)

Summary: WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details: Refer to the security bulletins...

CVSS 6.5 | AI score 5.9 | EPSS 0.00177
Exploits: 0 | Affected Software: 2

NVD
added 2024/04/02 5:15 p.m. | 22 views

CVE-2024-2435

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

CVSS 4.3 | AI score 4.4 | EPSS 0.00394
Exploits: 0 | References: 1

OSV
added 2024/04/02 5:15 p.m. | 6 views

CVE-2024-2435

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

CVSS 4.3 | AI score 6.1
Exploits: 0 | References: 1

Cvelist
added 2024/04/02 4:40 p.m. | 34 views

CVE-2024-2435 Stored XSS in Timeline View

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

CVSS 4.3 | AI score 4.6 | EPSS 0.00394
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/02 4:40 p.m. | 11 views

CVE-2024-2435 Stored XSS in Timeline View

For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access...

CVSS 4.3 | AI score 5.9 | EPSS 0.00394
Exploits: 0 | References: 1

CVE
added 2024/04/02 4:40 p.m. | 314 views

CVE-2024-2435

This CVE affects Temporal UI Server (github.com/temporalio/ui-server). The vulnerability is an XSS in the timeline page that displays workflow execution details, triggered when an attacker sends a signal to a workflow with a crafted signal name. The root cause is insufficient sanitization of the ...

CVSS 4.3 | AI score 4.2 | EPSS 0.00394
Exploits: 0 | References: 1