Security Bulletin: Multiple vulnerabilities in VMware Tanzu Spring Framework affect IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary Multiple vulnerabilities exist in VMware Tanzu Spring Framework, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2023-20861 DESCRIPTION...

Security Bulletin: Vulnerability in spring-expressions may affect IBM Business Automation Workflow - CVE-2023-20863

Summary IBM Business Automation Workflow packages a vulnerable copy of spring-expressions in BPM/Lombardi/lib. Vulnerability Details CVEID:CVE-2023-20863 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially...

Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow - CVE-2023-32339

Summary IBM Business Automation Workflow is vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID:CVE-2023-32339 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI...

Security Bulletin: A vulnerability has been identified in IBM HTTP Server shipped with IBM Businses Automation Workflow (CVE-2023-32342)

Summary IBM WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM HTTP Server shipped with IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details...

Security Bulletin: Multiple vulnerabilities in IBM® Java SDK and WebSphere Application Server Liberty profile affect IBM Business Automation Workflow containers

Summary Multiple vulnerabilities have been reported for IBM® Java SDK and WebSphere Application Server Liberty profile, which are shipped with IBM Business Automation Workflow containers. Vulnerability Details CVEID:CVE-2023-21830 DESCRIPTION: An unspecified vulnerability in Java SE related to th...

Security Bulletin: Apache commons fileupload vulnerability affect embedded Case Forms in IBM Business Automation Workflow and IBM Case Manager - CVE-2023-24998

Summary Embedded Case Forms in IBM Business Automation Workflow and IBM Case Manager are affected by Apache commons fileupload vulnerability. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the...

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 8, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details...

Cross-site Scripting (XSS)

workflow-job is vulnerable to Cross-site Scripting XSS. The vulnerability exists because the displayName attribute of the summary.jelly does not escape before being rendered, allowing an attacker to inject and execute malicious JavaScript...

Command injection

NextCloud Cookbook is a recipe library app. Prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch, the pull-checks.yml workflow is vulnerable to command injection attacks because of using an untrusted github.headref field. The github.headref value is an...

PT-2023-23164 · Nextcloud · Nextcloud Cookbook

Name of the Vulnerable Software and Affected Versions: NextCloud Cookbook versions prior to commit a46d9855 on the master branch and commit 489bb744 on the main-0.9.x branch Description: The issue concerns a command injection vulnerability due to the use of an untrusted github.head ref field in t...

Fedora: Security Advisory for cups-filters (FEDORA-2023-6ca587ac4c)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: A CVE-2023-26049 vulnerability in Eclipse Jetty affects IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow

Summary A vulnerability exists in Eclipse Jetty, which is used by the desktop version of IBM Process Designer 8.5.7 shipped with IBM Business Automation Workflow. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-26049 DESCRIPTION: Eclipse Jetty could all...

io.jenkins.blueocean:blueocean-pipeline-scm-api (>=1.27.4 <=1.27.5.1), io.jenkins.plugins:code-coverage-api (>=4.2.0 <=4.7.0) +12 more potentially affected by CVE-2023-32977 via org.jenkins-ci.plugins.workflow:workflow-job (>=0.1-beta-1 <=1292.v27d8cc3e2602)

org.jenkins-ci.plugins.workflow:workflow-job MAVEN version =0.1-beta-1, =1.27.4, =4.2.0, =1.17.vd2468d9c5e85, =0.1-beta-1, =1.14, =1.16.4 - org.jenkins-ci.plugins:gradle =2.12.0.1 - org.jenkins-ci.plugins:inline-pipeline =1.0.3 Source cves: CVE-2023-32977 Source advisory: OSV:GHSA-2WVV-PHHW-QVMC...

Security Bulletin: Denial of Service vulnerability in Apache commons-fileupload may affect IBM Business Automation Workflow (CVE-2023-24998)

Summary IBM Business Automation Workflow packages a vulnerable copy of Apache commons-fileupload in its /BPM/Lombardi/lib directory. Vulnerability Details CVEID:CVE-2023-24998 DESCRIPTION: Apache Commons FileUpload and Tomcat are vulnerable to a denial of service, caused by not limit the number o...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow (CVE-2023-27554)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server traditional and Liberty profile shipped with IBM Business Automation Workflow (CVE-2023-30441)

Summary WebSphere Application Server traditional and WebSphere Application Server Liberty profile are shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional and Liberty profile have been publish...

Security Bulletin: Deserialization vulnerability affect IBM Business Automation Workflow BPM Event Emitters - CVE-2022-1471

Summary A vulnerable copy of snakeyaml is packaged with BPMEventEmitters and CaseEventEmitters in IBM Business Automation Workflow. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...

Apache Airflow Cross-Site Scripting Vulnerability (CNVD-2023-52700)

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. A cross-site scripting vulnerability exists in Apache Airflow versions prior to...

Apache Airflow Elevation of Privilege Vulnerability

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An elevation of privilege vulnerability exists in Apache Airflow versions prior to...

IBM Business Automation Workflow Cross-Site Scripting Vulnerability (CNVD-2023-37162)

IBM Business Automation Workflow is an integrated platform that helps business users rapidly automate all aspects of business operations at scale. A cross-site scripting vulnerability exists in IBM Business Automation Workflow versions 18.0.0.0 through 22.0.2, which can be exploited by an attacke...