Apache DolphinScheduler Arbitrary File Read Vulnerability
Apache DolphinScheduler is a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation in the United States. Apache DolphinScheduler suffers from an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive information...
Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer
Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2024-20952 DESCRIPTION: An unspecified vulnerability in Java SE related to the Security component could...
CVE-2024-25153
A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...
Directory traversal
A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...
CVE-2024-25153 Remote Code Execution in FileCatalyst Workflow 5.x prior to 5.1.6 Build 114
A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to web portal’s DocumentRoot, specially craft...
FileCatalyst Workflow Web Portal Security Vulnerability
FileCatalyst Workflow Web Portal is a Web-based application from FileCatalyst, Inc. A security vulnerability exists in FileCatalyst Workflow Web Portal prior to 5.1.6 Build 114 that stems from the presence of a path traversal vulnerability. An attacker could use this vulnerability to upload files...
PT-2024-2196 · Unknown · Filecatalyst Workflow
Name of the Vulnerable Software and Affected Versions: FileCatalyst Workflow versions prior to 5.1.6 Build 114 Description: A directory traversal vulnerability within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ director...
CVE-2024-28230
In JetBrains YouTrack before 2024.1.25893 attaching/detaching workflow to a project was possible without project admin permissions...
CVE-2024-28230
Summary of CVE-2024-28230: JetBrains YouTrack versions prior to 2024.1.25893 allow attaching/detaching a workflow to a project without project admin permissions, enabling possible unauthorized workflow management. Reported by Red Hat and other sources, with CVSS v3.1 base score 6.5 (Medium) / Ne...
JetBrains YouTrack Security Vulnerability
JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in versions prior to JetBrains YouTrack 2024.1.25893, which...
BIT-CONSUL-2023-0845 Consul Server Panic when Ingress and API Gateways Configured with Peering
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5...
PT-2024-2097 · Jetbrains · Jetbrains Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.1.25893 Description: The issue is related to the lack of authorization procedures in JetBrains YouTrack, allowing an attacker to gain unauthorized access to a project. This is due to the possibility o...
Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow Configuration Editor packages a Node.js runtime. Vulnerabilities have been reported for Node.js. Vulnerability Details CVEID:CVE-2024-21892 DESCRIPTION: Node.js could allow a local authenticated attacker to gain elevated privileges on the system, caused by...
Security Bulletin: Apache Derby vulnerability addressed in IBM Business Automation Workflow on containers [CVE-2022-46337]
Summary IBM Business Automation Workflow on containers addressed CVE-2022-46337. A copy of derby is included on container images, but never used in a supported scenario. Even in unsupported scenarios, there is no way of letting derby interact with LDAP. Vulnerability Details CVEID:CVE-2022-46337...
Security Bulletin: Denial of Service vulnerability in WebSphere Liberty may affect IBM Business Automation Workflow (CVE-2023-44487)
Summary WebSphere Liberty is shipped with IBM Business Automation Workflow traditional to support Process Federation Server and User Management Services. WebSphere Liberty is also the application server for IBM Business Automation Workflow on Containers. A denial of service vulnerability has been...
Security Bulletin: Multiple vulnerabilities in Java affect IBM Business Automation Workflow - Oct 2023 CPU
Summary IBM Business Automation Workflow containers package IBM® Java SDK 8 V21.0.3 or IBM® Semeru Runtime 11 V23.0.1, IBM® Semeru Runtime 17 V23.0.2. Information about security vulnerabilities in these Java runtimes has been published. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow Event Emitters - CVE-2023-51074
Summary IBM Business Automation Workflow Event Emitters are vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of service, caused by a stack-based buffer overflow in the Criteria.parse method. By sending a speciall...