4545 matches found

Positive Technologies
added 2023/07/26 12:0 a.m. · 4 views

PT-2023-26537 · Unknown +2 · Helix Core +3

Name of the Vulnerable Software and Affected Versions: helix-core versions prior to 1.3.0; helix-rest versions prior to 1.3.0. Description: An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize...

9.8 CVSS · 7.7 AI score · 0.01515 EPSS
Exploits: 0 · References: 7

IBM Security Bulletins
added 2023/07/21 4:51 p.m. · 29 views

Security Bulletin: Multiple vulnerabilities affect the embedded Content Navigator in Business Automation Workflow - CVE-2023-24998, 254437

Summary: The embedded Content Navigator in IBM Business Automation Workflow is affected by multiple vulnerabilities. Vulnerability Details: CVEID: CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limiting the number of request parts t...

7.5 CVSS · 7.9 AI score · 0.46836 EPSS
Exploits: 1 · Affected Software: 2

IBM Security Bulletins
added 2023/07/20 4:52 p.m. · 38 views

Security Bulletin: IBM InfoSphere Information Server is affected by a vulnerability in VMware Tanzu Spring Security (CVE-2023-20862)

Summary: A vulnerability in VMware Tanzu Spring Security used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-20862 DESCRIPTION: VMware Tanzu Spring Security could allow a remote attacker to bypass security restrictions, caused by the logout support feature...

6.3 CVSS · 6.5 AI score · 0.00648 EPSS
Exploits: 0 · Affected Software: 1

CNNVD
added 2023/07/18 12:0 a.m. · 4 views

ONS Digital RAS Collection Instrument OS Command Injection Vulnerability

ONS Digital RAS Collection Instrument is an application from ONS Digital that is responsible for collection exercises and instrument uploads. An operating system command injection vulnerability exists in ONS Digital RAS Collection Instrument versions prior to 2.0.28, which stems from a security...

9.8 CVSS · 6.3 AI score · 0.01946 EPSS
Exploits: 0 · References: 6

CNVD
added 2023/07/14 12:0 a.m. · 20 views

Apache Airflow Information Disclosure Vulnerability (CNVD-2023-67075)

Apache Airflow is an open-source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability, dynamic monitoring and other characteristics. An information disclosure vulnerability exists in Apache Airflow versions prior to...

4 CVSS · 6.1 AI score · 0.00886 EPSS
Exploits: 0 · Affected Software: 1

CNVD
added 2023/07/14 12:0 a.m. · 23 views

Apache Airflow Input Validation Error Vulnerability (CNVD-2023-67074)

Apache Airflow is an open-source platform from the Apache Foundation (United States) for creating, managing and monitoring workflows. The platform features scalability, dynamic monitoring and other characteristics. An input validation error vulnerability exists in Apache Airflow versions prior to...

4 CVSS · 6.7 AI score · 0.01044 EPSS
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/07/12 11:11 a.m. · 37 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities [CVE-2022-1434, CVE-2022-1343, CVE-2022-1292, CVE-2022-1473]

Summary: There are vulnerabilities which affect IBM Engineering Workflow Management EWM. CVE-2022-1434, CVE-2022-1343, CVE-2022-1292, CVE-2022-1473 The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2022-1434 DESCRIPTION: OpenSSL is vulnerable to a man-in-the-middle attack,...

10 CVSS · 9.4 AI score · 0.83223 EPSS
Exploits: 5 · Affected Software: 1

vulnersOsv
added 2023/07/11 12:0 p.m. · 4 views

MSPM0L1306-HAL (>=0.1.0 <=0.1.6), a4 (>=0.0.1 <=0.0.4) +863 more potentially affected by unknown CVE via atomic-polyfill (=1.0.3)

atomic-polyfill CARGO version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on atomic-polyfill and may be impacted: - MSPM0L1306-HAL =0.1.0, =0.0.1, =0.0.3, =0.23.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.1, =0.5.2 and more...

5.5 AI score
Exploits: 0

IBM Security Bulletins
added 2023/07/10 6:24 a.m. · 17 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to spoofing - CVE-2022-39161

Summary: IBM WebSphere Application Server Liberty is vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addresse...

5.3 CVSS · 5.3 AI score · 0.00362 EPSS
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/07/10 6:21 a.m. · 19 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to spoofing - CVE-2022-39161

Summary: IBM WebSphere Application Server Liberty is vulnerable to spoofing via the optional and separately installable Web Server Plug-ins for IBM WebSphere Application Server component. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addresse...

5.3 CVSS · 5.3 AI score · 0.00362 EPSS
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/07/10 6:21 a.m. · 32 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to GraphQL - CVE-2023-28867

Summary: Vulnerability in the GraphQL Java library used by IBM WebSphere Application Server Liberty when the feature mpGraphQL-1.0 or mpGraphQL-2.0 is enabled. The following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...

7.5 CVSS · 7.4 AI score · 0.01051 EPSS
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/07/07 3:22 p.m. · 29 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2023-3315

Summary: Vulnerability CVE-2023-3315 affects the Team Concert plugin of IBM Engineering Workflow Management EWM. Vulnerability Details: CVEID: CVE-2023-3315 DESCRIPTION: Jenkins Team Concert could allow a remote authenticated attacker to obtain sensitive information, caused by improper permission...

4.3 CVSS · 4.1 AI score · 0.00497 EPSS
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/07/07 3:15 p.m. · 45 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-23839, CVE-2021-23840, CVE-2021-23841

Summary: There are vulnerabilities CVE-2021-23839, CVE-2021-23840, CVE-2021-23841 which affect IBM Engineering Workflow Management EWM. Vulnerability Details: CVEID: CVE-2021-23839 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by incorrect SSLv2 rollback protection that...

7.5 CVSS · 7.1 AI score · 0.50732 EPSS
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/07/07 3:10 p.m. · 30 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2020-1968

Summary: There is a vulnerability CVE-2020-1968 which affects IBM Engineering Workflow Management EWM. Vulnerability Details: CVEID: CVE-2020-1968 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by a Raccoon attack in the TLS specification. By computing the...

4.3 CVSS · 3.8 AI score · 0.04803 EPSS
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/07/07 3:6 p.m. · 43 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2022-0778

Summary: There is a vulnerability CVE-2022-0778 which affects IBM Engineering Workflow Management EWM. Vulnerability Details: CVEID: CVE-2022-0778 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt function when parsing certificates. By using a...

7.5 CVSS · 7.7 AI score · 0.70561 EPSS
Exploits: 2 · Affected Software: 1

IBM Security Bulletins
added 2023/07/07 3:5 p.m. · 35 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-4160

Summary: There is a vulnerability CVE-2021-4160 which affects IBM Engineering Workflow Management EWM. Vulnerability Details: CVEID: CVE-2021-4160 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squaring procedure. An...

5.9 CVSS · 6 AI score · 0.03803 EPSS
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/07/07 3:1 p.m. · 25 views

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-3712

Summary: There is a vulnerability CVE-2021-3712 which affects IBM Engineering Workflow Management EWM. Vulnerability Details: CVEID: CVE-2021-3712 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By...

7.4 CVSS · 7.6 AI score · 0.50445 EPSS
Exploits: 0 · Affected Software: 1

IBM Security Bulletins
added 2023/07/05 9:45 p.m. · 22 views

Security Bulletin: IBM Integration Designer is vulnerable to a denial of service (CVE-2023-21967)

Summary: The fix includes a new version of the IBM Runtime Environment Java 8 that resolves the specified vulnerability. Vulnerability Details: CVEID: CVE-2023-21967 DESCRIPTION: An unspecified vulnerability in Oracle Java SE, Oracle GraalVM Enterprise Edition related to the Hotspot component could...

5.9 CVSS · 6.5 AI score · 0.01523 EPSS
Exploits: 0 · Affected Software: 1

Github Security Blog
added 2023/06/30 6:31 p.m. · 47 views

Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource

Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allow an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...

3.6 CVSS · 6.1 AI score · 0.00157 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

OSV
added 2023/06/30 6:31 p.m. · 20 views

GHSA-GM2G-2XR9-PXXJ Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource

Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allow an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...

3 CVSS · 3.4 AI score · 0.00157 EPSS
Exploits: 0 · References: 3