
4547 matches found

OSV
added 2024/02/04 1:15 a.m. · 3 views

CVE-2023-50947

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4 · AI score 5.5 · EPSS 0.00414
Exploits: 0 · References: 3

Prion
added 2024/02/04 1:15 a.m. · 13 views

Cross site scripting

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 4.9 · AI score 6.2 · EPSS 0.00414
Exploits: 0 · References: 3 · Affected Software: 2

Cvelist
added 2024/02/04 12:11 a.m. · 19 views

CVE-2023-50947 IBM Business Automation Workflow cross-site scripting

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4 · AI score 5.3 · EPSS 0.00414
Exploits: 0 · References: 3

Vulnrichment
added 2024/02/04 12:11 a.m. · 11 views

CVE-2023-50947 IBM Business Automation Workflow cross-site scripting

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

CVSS 5.4 · AI score 6 · EPSS 0.00414
Exploits: 0 · References: 3

CVE
added 2024/02/04 12:11 a.m. · 48 views

CVE-2023-50947

IBM Business Automation Workflow (BBWA) is affected by CVE-2023-50947, a cross-site scripting vulnerability in the Web UI. The NVD/IBM sources indicate affected versions are 22.0.2, 23.0.1, and 23.0.2, with the issue allowing embedding of arbitrary JavaScript in the Web UI and potentially exposin...

CVSS 5.4 · AI score 5.2 · EPSS 0.00414
Exploits: 0 · References: 3 · Affected Software: 2

CNNVD
added 2024/02/04 12:0 a.m. · 4 views

IBM Business Automation Workflow Cross-Site Scripting Vulnerability

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines (IBM). The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. A cross-site scripting vulnerability exists in IBM...

CVSS 5.4 · AI score 6.2 · EPSS 0.00414
Exploits: 0 · References: 4

Positive Technologies
added 2024/02/03 12:0 a.m. · 3 views

PT-2024-14024 · Ibm · Ibm Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 22.0.2 through 23.0.2 Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure withi...

CVSS 5.4 · AI score 5.5 · EPSS 0.00414
Exploits: 0 · References: 8

IBM Security Bulletins
added 2024/02/02 11:19 a.m. · 29 views

Security Bulletin: Denial of Service vulnerability in Apache Johnzon may affect IBM Business Automation Workflow emitters - CVE-2023-33008

Summary IBM Business Automation Workflow BPMN event emitters are vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-33008 DESCRIPTION: Apache Johnzon is vulnerable to a denial of service, caused by an unsafe deserialization flaw in BigDecimal. By sending a specially...

CVSS 5.3 · AI score 5.6 · EPSS 0.01098
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/02/02 11:9 a.m. · 17 views

Security Bulletin: Reflected cross-site scripting vulnerability affects IBM Business Automation Workflow - CVE-2023-50947

Summary IBM Business Automation Workflow is vulnerable to a reflected cross-site scripting attack. Vulnerability Details CVEID:CVE-2023-50947 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in...

CVSS 5.4 · AI score 5.6 · EPSS 0.00414
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/02/02 11:7 a.m. · 18 views

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2023-40684

Summary IBM Business Automation Workflow repackages parts of IBM Content Navigator attack. CVE-2023-40684 has been addressed. Vulnerability Details CVEID:CVE-2023-40684 DESCRIPTION: IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site...

CVSS 5.4 · AI score 5 · EPSS 0.00321
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/02/02 10:55 a.m. · 15 views

Security Bulletin: Denial of service vulnerability affects IBM Business Automation Workflow Event Emitters - CVE-2023-43642

Summary IBM Business Automation Workflow Event Emitters package a copy of snappy with a known vulnerability. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafte...

CVSS 7.5 · AI score 7.4 · EPSS 0.0104
Exploits: 1 · Affected Software: 1

IBM Security Bulletins
added 2024/02/02 10:50 a.m. · 29 views

Security Bulletin: Information Disclosure vulnerability affect IBM Business Automation Workflow - CVE-2023-31582

Summary IBM Business Automation Workflow packages is vulnerable version of jose4j. Vulnerability Details CVEID:CVE-2023-31582 DESCRIPTION: Jose4J could allow a remote attacker to obtain sensitive information, caused by allowing of a low iteration count of 1000 or less. By utilize cryptographic...

CVSS 7.5 · AI score 7.5 · EPSS 0.00644
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/02/02 10:47 a.m. · 30 views

Security Bulletin: Multiple vulnerabilities in nodejs packages affect IBM Business Automation Workflow - CVE-2023-26159, CVE-2023-45857

Summary IBM Business Automation Workflow Workflow Center user interfaces package vulnerable versions of open source dependencies. Vulnerability Details CVEID:CVE-2023-26159 DESCRIPTION: follow-redirects could allow a remote attacker to conduct phishing attacks, caused by an open redirect...

CVSS 7.3 · AI score 6.8 · EPSS 0.00797
Exploits: 2 · Affected Software: 1

IBM Security Bulletins
added 2024/01/24 1:30 p.m. · 41 views

Security Bulletin: vulnerability in Logback might affect IBM Business Automation Workflow - CVE-2023-6481

Summary The Documentation Generator for Case Solutions in IBM Business Automation Workflow might be affected by a vulnerability in LogBack. Vulnerability Details CVEID:CVE-2023-6481 DESCRIPTION: QOS.ch Sarl Logback is vulnerable to a denial of service, caused by a serialization flaw in the logbac...

CVSS 7.5 · AI score 6.8 · EPSS 0.00682
Exploits: 0 · Affected Software: 1

Kitploit
added 2024/01/23 11:30 a.m. · 18 views

Rayder - A Lightweight Tool For Orchestrating And Organizing Your Bug Hunting Recon / Pentesting Command-Line Workflows

Rayder is a command-line tool designed to simplify the orchestration and execution of workflows. It allows you to define a series of modules in a YAML file, each consisting of commands to be executed. Rayder helps you automate complex processes, making it easy to streamline repetitive modules and...

AI score 8
Exploits: 0 · References: 2

CNNVD
added 2024/01/19 12:0 a.m. · 3 views

mldong Code Injection Vulnerability

mldong is a rapid development platform based on SpringBoot + Vue3, built by an individual developer (mldong), with a self-developed workflow engine. mldong version 1.0 has a code injection vulnerability, which stems from the file com/mldong/modules/wf/engine/model/DecisionModel.java ExpressionEngine...

CVSS 9.8 · AI score 7.5 · EPSS 0.00798
Exploits: 1 · References: 4

The Hacker News
added 2024/01/18 12:34 p.m. · 34 views

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to "conduct a supply chain compromise of...

AI score 8.9
Exploits: 0

IBM Security Bulletins
added 2024/01/17 7:19 a.m. · 58 views

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor is vulnerable to multiple attacks. Vulnerability Details CVEID:CVE-2023-44487 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a flaw in handling multiplexed streams in the HTTP/2 protocol. By sending...

CVSS 9.8 · AI score 8.2 · EPSS 0.99999
Exploits: 19 · Affected Software: 1

IBM Security Bulletins
added 2024/01/15 4:4 p.m. · 29 views

Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer

Summary Vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID:CVE-2023-22049 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries component could...

CVSS 5.9 · AI score 5.6 · EPSS 0.014
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2024/01/15 7:23 a.m. · 16 views

Security Bulletin: Security vulnerability in apache commons-codec may affect IBM Business Automation Workflow Case and Case History event emitters

Summary IBM Business Automation Workflow is vulnerable to an information leakage vulnerability. Vulnerability Details IBM X-Force ID: 177835 DESCRIPTION: Apache Commons Codec could allow a remote attacker to obtain sensitive information, caused by the improper validation of input. An attacker cou...

AI score 6.5
Exploits: 0 · Affected Software: 1