CVE-2023-0845

Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5...

CVE-2023-0845

CVE-2023-0845 affects HashiCorp Consul and Consul Enterprise. An authenticated user with service:write permissions could trigger a workflow that, under certain conditions, causes the Consul server and client agents to crash. The issue has a confirmed fix in Consul 1.14.5. The provided connected d...

Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Data security and compliance are a top priority for leaders as cyberattacks are on the rise. In fact, attacks have increased by 32 percent in the past year, and 1 in 40 organizations...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix April 2016 (CVE-2016-3426)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in April 2016. Vulnerability Details CVEID: CVE-2016-3426 DESCRIPTION: An...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Bluemix Workflow

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.1 that is used by Bluemix Workflow. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix October 2015

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8. that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in October 2015. Vulnerability Details CVEID: CVE-2015-4872 DESCRIPTION: An...

Security Bulletin: Vulnerabilities in OpenSSL affect Bluemix Workflow (CVE-2014-3570, CVE-2014-3571, CVE-2014-3572, CVE-2014-8275, CVE-2015-204, CVE-2015-205, CVE-2015-206)

Summary OpenSSL vulnerabilities were disclosed on January 8, 2015 by the OpenSSL Project. This includes the vulnerability that has been referred to as “FREAK”. OpenSSL is used by Bluemix Workflow for internal communication. Bluemix Workflow has addressed the applicable CVEs. Vulnerability Details...

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix January 2016 (CVE-2015-7575, CVE-2016-0466, CVE-2016-0475)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8. that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in January 2016 and include the vulnerability commonly referred to as "SLOTH"...

Security Bulletin: Vulnerability in Apache Xalan may affect IBM Business Automation Workflow - CVE-2022-34169

Summary A vulnerable copy of Apache Xalan is shipped with IBM Business Automation Workflow. Vulnerability Details CVEID:CVE-2022-34169 DESCRIPTION: The Apache Xalan Java XSLT library could allow a remote attacker to execute arbitrary code on the system, caused by an integer truncation issue when...

Security Bulletin: Persistent cross-site scripting vulnerability affect IBM Business Automation Workflow - CVE-2023-22860

Summary IBM Business Automation Workflow is vulnerable to a persistent cross-site scripting attack. Vulnerability Details CVEID:CVE-2023-22860 DESCRIPTION: IBM Business Automation Workflow is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...

Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor

Summary IBM Business Automation Workflow Configuration Editor is vulnerable to multiple attacks. Vulnerability Details CVEID:CVE-2022-24999 DESCRIPTION: Express.js Express is vulnerable to a denial of service, caused by a prototype pollution flaw in qs. By adding or modifying properties of...

Security Bulletin: Denial of Service vulnerability in IBM HTTP Server used by WebSphere Application Server affects IBM Business Automation Workflow (CVE-2023-26281)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

Security Bulletin: Multiple security vulnerabilities are reported for snakeyaml and jackson-databind in IBM Business Automation Workflow

Summary IBM Business Automation Workflow repackages the snakeyaml and jackson-databind open source libraries in /BPM/Lombardi/lib. Current vulnerabilities in these libraries have been assessed as not applicable in the context how the product uses these libraries. An update is made available to...

Apache Airflow Hive Provider Input Validation Error Vulnerability

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An input validation error vulnerability exists in Apache Airflow Hive Provider...

Apache Airflow Sqoop Provider Input Validation Error Vulnerability

Apache Airflow is the United States Apache Apache Foundation's set of open source platform for creating, managing and monitoring workflow. The platform is scalable and dynamic monitoring and other characteristics. An input validation error vulnerability exists in Apache Airflow Sqoop Provider...

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business...

Exploit for SQL Injection in Zabbix

It is an offensive tool for Vulnerability Exploitation and Research. The repository contains a collection of vulnerability exploitation tools and research materials, including exploits for various vulnerabilities, proof-of-concept PoC code, and research notes. The tools are organized by...

org.jenkins-ci.plugins.workflow:workflow-aggregator (>=2.0 <=2.2), org.jenkins-ci.plugins:token-macro (=2.2) +1 more potentially affected by CVE-2023-25762 via org.jenkins-ci.plugins:pipeline-build-step (>=2.0 <=2.1)

org.jenkins-ci.plugins:pipeline-build-step MAVEN version =2.0, =2.0, =1.0.0, =1.0.8 Source cves: CVE-2023-25762 Source advisory: OSV:GHSA-9J65-3F2Q-8Q2R...

SUSE CVE-2019-15613

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...

SUSE CVE-2020-8293

A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules...