4546 matches found
Security Bulletin: Incorrect authorization vulnerability affects IBM Business Automation Workflow - CVE-2023-47716
Summary IBM Business Automation Workflow embedded document management system is vulnerable to an incorrect authorization attack. Vulnerability Details CVEID:CVE-2023-47716 DESCRIPTION: IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the...
Security Bulletin: Cross-Site scripting vulnerability in ESAPI may affect IBM Business Automation Workflow - IBM X-Force ID: 273485
Summary IBM Business Automation Workflow is vulnerable to a Cross-Site scripting attack. Vulnerability Details IBM X-Force ID: 273485 DESCRIPTION: Enterprise Security API for Java is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the...
Security Bulletin: Vulnerability in PostCSS affects IBM Business Automation Workflow - CVE-2023-44270
Summary IBM Business Automation Workflow depends on a vulnerable version of PostCSS. Vulnerability Details CVEID:CVE-2023-44270 DESCRIPTION: PostCSS could allow a remote attacker to bypass security restrictions, caused by improper input validation. By using a specially crafted external Cascadi...
Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - Jan 2024 CPU
Summary IBM Business Automation Workflow containers package IBM® Java SDK 8 V21.0.3 or IBM® Semeru Runtime 17 V23.0.2. Information about security vulnerabilities in these Java runtimes has been published. IBM Business Automation Workflow includes IBM Java 8. Vulnerability Details...
MAL-2024-1188 Malicious code in u-workflow.module.common.tech (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 4612413a50009733ba8d6cd5ca56bc35c097a48862df442bcbc41453cf437da0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1189 Malicious code in u-workflow.module.common.visibility (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f6dcf3beecd86989a7b3a417a5bf6ae97e3b29c18583b6022dcf50a8a1ec988a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2024-22847 · Seeyonoa · Seeyonoa
Name of the Vulnerable Software and Affected Versions: seeyonOA version 8 Description: An issue was discovered that allows remote attackers to execute arbitrary code via the importProcess method in the WorkFlowDesignerController.class component. Recommendations: For seeyonOA version 8, as a...
Malicious code in u-workflow.module.common.hour-of-week (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa993331c82ce09532f10dfb1eb3586e1a3343188c93733712aad7f47cb49539 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-1158 Malicious code in u-workflow.module.common.hour-of-week (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware fa993331c82ce09532f10dfb1eb3586e1a3343188c93733712aad7f47cb49539 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow (IBM X-Force ID 270419)
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details IBM X-Force ID: 270419 DESCRIPTION: Enterprise Security API for Java is vulnerable to a denial of service, caused by a flaw in the HTTPUtilities.getFileUploads methods. By sending a special...
Security Bulletin: Denial of Service vulnerability in IBM HTTP Server used by WebSphere Application Server affects IBM Business Automation Workflow (CVE-2023-52425)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
PT-2024-18125 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: gradio-app/gradio repository affected versions not specified Description: A command injection issue exists in the deploy+test-visual.yml workflow due to improper neutralization of special elements used in a command. This allows attackers to...
Security Bulletin: OpenSSH vulnerability affects IBM WebSphere Adapter for FTP shipped with IBM Business Automation Workflow - CVE-2023-48795
Summary IBM WebSphere Adapter for FTP is shipped with IBM Business Automation Workflow and is vulnerable to a machine-in-the-middle attack. Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: OpenSSH is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiatio...
Malicious code in u-workflow.module.common.features (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 43c063fa58fdcf0f64acc12e433390c9dc078ab6b6eb6dd773242db454f29a47 The OpenSSF Package Analysis project identified 'u-workflow.module.common.features' @ 1.0.1 npm as malicious. It is considered malicious because...
The vulnerability of the ftpservlet component of the FileCatalyst Workflow software allows a perpetrator to execute arbitrary code.
The vulnerability of the ftpservlet component in the FileCatalyst Workflow software lies in errors during the processing of HTTP POST requests. Exploiting this vulnerability allows an attacker to execute arbitrary code by loading specially crafted JSP files remotely...
MAL-2024-1131 Malicious code in u-workflow.module.common.webapp (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 676ec2bf7328ac16d28e24c3bb40fca880b4161a25988951f815eb86c0598b95 The OpenSSF Package Analysis project identified 'u-workflow.module.common.webapp' @ 1.0.0 npm as malicious. It is considered malicious because: ...
CVE-2024-26051 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)
Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...
PT-2024-22137
Name of the Vulnerable Software and Affected Versions Nuclei versions prior to 3.2.0 Description A significant security oversight was identified in Nuclei, involving the execution of unsigned code templates through workflows. This issue specifically affects users utilizing custom workflows,...
Nuclei Security Vulnerabilities
Nuclei is a customizable and fast vulnerability scanner based on YAML syntax templates. A security vulnerability exists in nuclei 3.0.0 and later, which stems from allowing the execution of unsigned code templates via a workflow, resulting in malicious code that can be executed on a user's system...
Apache Dolphinscheduler Arbitrary File Read Vulnerability
Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation in the United States. Apache Dolphinscheduler suffers from an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive information...