
4546 matches found

Positive Technologies
added 2023/12/25 12:0 a.m. · 3 views

PT-2023-8450 · Ilias · Ilias

Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 7.23 ILIAS versions 8 prior to 8.3 Description: The issue is related to the incorrect implementation of the sequence of actions in the ILIAS learning management system. It allows a remote attacker to execute arbitrary...

CVSS 9 · AI score 7.2 · EPSS 0.00855
Exploits 0 · References 13
Vulnrichment
added 2023/12/25 12:0 a.m. · 11 views

CVE-2023-36486

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename...

AI score 6.9 · EPSS 0.00855
Exploits 0 · References 3
CVE
added 2023/12/25 12:0 a.m. · 71 views

CVE-2023-36486

The CVE-2023-36486 issue affects ILIAS’s workflow-engine prior to versions 7.23 and 8 prior to 8.3. It allows remote authenticated users to execute arbitrary system commands on the application server as the application user by uploading a workflow definition file with a malicious filename. The vu...

CVSS 7.2 · AI score 6.8 · EPSS 0.00855
Exploits 0 · References 3 · Affected Software 1
CVE
added 2023/12/25 12:0 a.m. · 79 views

CVE-2023-36485

The CVE concerns ILIAS workflow-engine vulnerability present in versions prior to 7.23 (and 8 prior to 8.3). A malicious BPMN2 workflow definition file can be used by remote authenticated users to execute arbitrary system commands on the application server as the ILIAS application user, due to in...

CVSS 7.2 · AI score 6.7 · EPSS 0.00791
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2023/12/25 12:0 a.m. · 3 views

ILIAS Security Vulnerabilities

ILIAS is an open source learning management system. A security vulnerability exists in ILIAS versions prior to 7.23 and prior to 8.3, which stems from a workflow-engine vulnerability that allows an attacker to run arbitrary system commands on an application server as an application user via a...

CVSS 7.2 · AI score 7 · EPSS 0.00791
Exploits 0 · References 2
Cvelist
added 2023/12/25 12:0 a.m. · 14 views

CVE-2023-36485

The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...

AI score 7 · EPSS 0.00791
Exploits 0 · References 3
OSV
added 2023/12/23 9:30 p.m. · 12 views

GHSA-JPFP-XQ3P-4H3R Deis Workflow Manager race condition vulnerability

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

CVSS 4.6 · AI score 7.5 · EPSS 0.00396
Exploits 0 · References 6
Github Security Blog
added 2023/12/23 9:30 p.m. · 26 views

Deis Workflow Manager race condition vulnerability

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

CVSS 7.5 · AI score 6.8 · EPSS 0.00396
Exploits 0 · References 7 · Affected Software 1
NVD
added 2023/12/23 8:15 p.m. · 14 views

CVE-2016-15036

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

CVSS 7.5 · EPSS 0.00396
Exploits 0 · References 5
OSV
added 2023/12/23 8:15 p.m. · 20 views

CVE-2016-15036

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

CVSS 7.5 · AI score 7.1
Exploits 0 · References 5
Prion
added 2023/12/23 8:15 p.m. · 12 views

Race condition

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

CVSS 4.3 · AI score 7.4 · EPSS 0.00396
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2023/12/23 8:0 p.m. · 22 views

CVE-2016-15036 Deis Workflow Manager race condition

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgradin...

CVSS 4.6 · AI score 7.6 · EPSS 0.00396
Exploits 0 · References 5
CVE
added 2023/12/23 8:0 p.m. · 53 views

CVE-2016-15036

CVE-2016-15036 refers to a race condition vulnerability in Deis Workflow Manager up to version 2.3.2. The available sources describe that the vulnerability arises from a manipulation leading to a race condition in an unspecified part of the workflow-manager, with attack complexity rated as high a...

CVSS 7.5 · AI score 5.9 · EPSS 0.00396
Exploits 0 · References 5 · Affected Software 1
CNNVD
added 2023/12/23 12:0 a.m. · 2 views

Deis Workflow Manager Competitive Conditions Issue Vulnerability

Deis Workflow Manager is an open source Platform-as-a-Service PaaS from Deis that adds a developer-friendly layer to any Kubernetes cluster, making it easy to deploy and manage applications on your own servers. A vulnerability exists in Deis Workflow Manager version 2.3.2 and prior versions for a...

CVSS 7.5 · AI score 6.5 · EPSS 0.00396
Exploits 0 · References 6
Positive Technologies
added 2023/12/23 12:0 a.m. · 3 views

PT-2023-10355 · Unknown · Deis Workflow Manager

Name of the Vulnerable Software and Affected Versions: Deis Workflow Manager versions up to 2.3.2 Description: A vulnerability was found in Deis Workflow Manager, which has been classified as problematic. This issue affects an unknown part of the system and leads to a race condition. The complexi...

CVSS 7.5 · AI score 7.1 · EPSS 0.00396
Exploits 0 · References 13
CVE
added 2023/12/22 4:26 p.m. · 99 views

CVE-2023-49791

CVE-2023-49791 affects Nextcloud Server and Nextcloud Enterprise Server where an attacker with an active session of another user could call the API to delete/modify workflows without password confirmation, bypassing the UI check. The description lists affected ranges: Nextcloud Server pre-26.0.9 ...

CVSS 5.4 · AI score 5.3 · EPSS 0.00608
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2023/12/22 12:0 a.m. · 5 views

Nextcloud Access Control Error Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. An Access Control Error vulnerability exists in Nextcloud Server, which stems from the ability to delete and modify workflows by bypassing calls sent direct...

CVSS 5.4 · AI score 6.8 · EPSS 0.00608
Exploits 0 · References 4
NVD
added 2023/12/21 9:15 p.m. · 24 views

CVE-2023-6804

Improper privilege management allowed arbitrary workflows to be committed and run using an improperly scoped PAT. To exploit this, a workflow must have already existed in the target repo. This vulnerability affected all versions of GitHub Enterprise Server since 3.8 and was fixed in version 3.8.1...

CVSS 6.5 · EPSS 0.00204
Exploits 0 · References 4
IBM Security Bulletins
added 2023/12/20 5:57 p.m. · 25 views

Security Bulletin: Apache commons fileupload vulnerability affect embedded Content Platform Engine in IBM Business Automation Workflow - CVE-2023-24998

Summary The embedded Content Platform Engine in IBM Business Automation Workflow is affected by Apache commons fileupload vulnerability. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the numb...

CVSS 7.5 · AI score 7.6 · EPSS 0.46836
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2023/12/20 5:31 p.m. · 28 views

Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow - CVE-2023-40691

Summary IBM Business Automation Workflow is vulnerable to an information leakage attack. Vulnerability Details CVEID:CVE-2023-40691 DESCRIPTION: IBM Business Automation Workflow may reveal sensitive information contained in application configuration to developer and administrator users. CVSS Base...

CVSS 4.9 · AI score 5.2 · EPSS 0.00739
Exploits 0 · Affected Software 1