Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2022-31129, CVE-2022-24785
Summary There are vulnerabilities CVE-2022-31129, CVE-2022-24785 which affect IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of service, caused by inefficient regular expression complexity. By sending a...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
Summary There are vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203 which affect IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2020-28500 DESCRIPTION: Node.js lodash module is vulnerable to a denial of service, caused by a regular expression denial of servi...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183
Summary There are vulnerabilities CVE-2021-41182, CVE-2022-31160, CVE-2021-41184, CVE-2021-41183 which affect IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-41182 DESCRIPTION: jQuery jQuery-UI is vulnerable to cross-site scripting, caused by improper validation of...
Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2021-43138
Summary There is a vulnerability CVE-2021-43138 which affects IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-43138 DESCRIPTION: Async could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution in the mapValues method. By...
PT-2023-20683 · Unknown · Cocos Engine
Name of the Vulnerable Software and Affected Versions: Cocos Engine affected versions not specified Description: The issue concerns a command injection vulnerability in the web-interface-check.yml file of the Cocos Engine GitHub repository. This file was triggered by pull requests and contained a...
PT-2023-35729 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow read issue has been identified, which can cause a crash. The crash occurs in the ndpi workflow process packet function, specifical...
Security Bulletin: Multiple vulnerabilities in IBM Content Navigator may affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow embeds a version of IBM Content Navigator that is vulnerable to denial of service attacks and missing authorization. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer...
Security Bulletin: Stored cross-site vulnerability when performing a document upload using Responsive Document Explorer affect IBM Business Automation Workflow - CVE-2023-24957
Summary IBM Business Automation Workflow is vulnerable to a Stored cross-site vulnerability when performing a document upload using Responsive Document Explorer. Vulnerability Details CVEID:CVE-2023-24957 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This...
Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2023-25690)
Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...
Atlassian Jira 7.2.0 < 8.18.1 Remote Code Execution In Workflow Import
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.19.0. It is, therefore, affected by a vulnerability which allows remote attackers who can trick a system administrator to import their malicious workflow to execute arbitrar...
CVE-2023-27581 github-slug-action vulnerable to arbitrary code execution
github-slug-action is a GitHub Action to expose slug value of GitHub environment variables inside of one's GitHub workflow. Starting in version 4.0.0 and prior to version 4.4.1, this action uses the github.head_ref parameter in an insecure way. This vulnerability can be triggered by any user on...
CVE-2023-27581
Summary: CVE-2023-27581 affects the GitHub Action github-slug-action. Vulnerability: Versions before 4.4.1 insecurely use the github.head_ref parameter in pull request workflows, enabling an attacker to trigger code execution on GitHub runners and exfiltrate CI secrets. Impact: High impact on con...
CVE-2023-0845
A flaw was found in the HashiCorp Consul. This flaw allows an authenticated user with service:write permissions to trigger a workflow that causes the Consul server and client agents to crash under certain circumstances...
Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for February 2023
Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF018 and 22.0.2-IF002. Vulnerability Details CVEID:CVE-2022-38749 DESCRIPTION: SnakeYAML is vulnerable to a denial of servic...
Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) in which an authenticated user with service:write permissions could trigger a workflow that causes Consul server and client agents to crash under certain circumstances. To exploit this vulnerability, an attacker requires access to an...
CVE-2023-0845
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5...
Code injection
Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5...