CVE-2023-3485 Insecure Default Authorization in Temporal Server

Insecure defaults in open-source Temporal Server before version 1.20 on all platforms allows an attacker to craft a task token with access to a namespace other than the one specified in the request. Creation of this task token must be done outside of the normal Temporal server flow. It requires t...

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM WebSphere Application Server shipped with IBM Business Automation Workflow April 2023 CPU

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2023-35890)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: A security vulnerabilities has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2023-28867)

Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...

Apache Airflow ODBC Provider Remote Code Execution Vulnerability

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. A remote code execution vulnerability exists in Apache Airflow ODBC Provider, which can be exploited by an attacker to cause command execution...

Four Signs You Need to Consolidate Your Tech Stack

Recently, Gartner surveyed security professionals and found that over 50% of the respondents were looking to consolidate their security tech stack. Why? These professionals recognized that security vendor consolidation is key to achieving their goals of improving productivity, visibility, and...

Transition screen removed when project admin edits a transition

h3. Problem The relevant transition screen gets removed when a project admin without Jira Administrator global permission attempts to edit a transition. h3. Environment Jira h3. Steps to Reproduce Create a new project I used Scrum software development template Modify one of the transitions in the...

CVE-2023-32339

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587...

CVE-2023-32339

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587...

Cross site scripting

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587...

CVE-2023-32339

CVE-2023-32339: IBM Business Automation Workflow is vulnerable to cross-site scripting in the Web UI, enabling an attacker to embed arbitrary JavaScript and potentially disclose credentials within a trusted session. The bulletin and Red Hat/IBM sources list affected products and versions across I...

CVE-2023-32339 IBM Business Automation Workflow cross-site scripting

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587...

CVE-2023-32339 IBM Business Automation Workflow cross-site scripting

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587...

PT-2023-23736 · Ibm · Ibm Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow affected versions not specified Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure withi...

IBM Business Automation Workflow 跨站脚本漏洞

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. IBM Business Automation Workflow has a security...

Apache Airflow Information Disclosure Vulnerability (CNVD-2023-55401)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. Apache Airflow suffers from an information disclosure vulnerability, the source program is not sufficiently protected for sensitive information, which can be...

PT-2023-8583 · Ilias · Ilias

Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 7.23 ILIAS versions 8 prior to 8.3 Description: The issue is related to insufficient input validation in the workflow-engine of ILIAS, allowing remote authenticated users to execute arbitrary system commands on the...

Use PCI DSS Checklist with Automation

Meet requirements and compliance levels without interrupting your workflow...

Cross site scripting

Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create jobs...

CVE-2023-35146

Jenkins Template Workflows Plugin 41.v32d86a313b4a and earlier does not escape names of jobs used as buildings blocks for Template Workflow Job, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers able to create jobs...