4543 matches found

Vulnrichment
added 2023/01/03 11:16 p.m. · 9 views

CVE-2022-42435 IBM Business Automation Workflow cross-site request forgery

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...

4.3 CVSS · 6.6 AI score · 0.00257 EPSS
Exploits 0 · References 2

IBM Security Bulletins
added 2023/01/03 3:55 p.m. · 48 views

Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)

Summary Multiple security vulnerabilities have been reported for Jackson JSON library that is used by IBM Business Automation Workflow. Vulnerability Details CVEID: CVE-2018-7489 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused ...

9.8 CVSS · 8.9 AI score · 0.49727 EPSS
Exploits 1 · Affected Software 5

CNNVD
added 2023/01/03 12:00 a.m. · 5 views

IBM Business Automation Workflow Cross-Site Request Forgery Vulnerability

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. A cross-site request forgery vulnerability exists ...

8.8 CVSS · 7.8 AI score · 0.00257 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/01/03 12:00 a.m. · 4 views

PT-2023-14112 · Ibm · Ibm Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 18.0.0 through 22.0.1 Description: The issue allows an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts due to cross-site request forgery...

8.8 CVSS · 8.8 AI score · 0.00257 EPSS
Exploits 0 · References 5

IBM Security Bulletins
added 2022/12/30 10:25 a.m. · 96 views

Security Bulletin: Security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for December 2022

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed with IBM Cloud Pak for Business Automation 21.0.3-IF016 and 22.0.1-IF006. Vulnerability Details CVEID:CVE-2017-10355 DESCRIPTION: An unspecified vulnerability in Oracle Java S...

9.8 CVSS · 8.4 AI score · 0.16181 EPSS
Exploits 2 · Affected Software 2

CNNVD
added 2022/12/26 12:00 a.m. · 2 views

Brave Operating System Command Injection Vulnerability

Brave is a fast, private and secure web browser from Brave USA. Brave UX for-the-badge suffers from an operating system command injection vulnerability that stems from several unknown functions in its .github/workflows/combine-prs.yml file that allows an attacker to implement system command...

9.8 CVSS · 6 AI score · 0.01783 EPSS
Exploits 0 · References 5

IBM Security Bulletins
added 2022/12/23 3:14 p.m. · 33 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities ( CVE-2022-21541, CVE-2022-21540 )

Summary All applicable Java SE CVEs published by Oracle as part of their July 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Test Management, IBM Jazz Reporting Service, I...

5.9 CVSS · 6.3 AI score · 0.0296 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2022/12/23 10:36 a.m. · 55 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty are vulnerable to HTTP header injection (CVE-2022-34165)

Summary IBM WebSphere Application Server Liberty is vulnerable to HTTP header injection when processing web requests. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Global Configuration Management, IBM Engineering...

5.4 CVSS · 5.9 AI score · 0.00441 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2022/12/23 8:29 a.m. · 30 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM WebSphere Application Server Liberty is vulnerable to an Information Disclosure (CVE-2022-22393)

Summary IBM WebSphere Application Server Liberty is vulnerable to an information disclosure with the adminCenter-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin. Global Configuration Management GC...

6.5 CVSS · 5 AI score · 0.00678 EPSS
Exploits 0 · Affected Software 1

CNVD
added 2022/12/14 12:00 a.m. · 23 views

Siemens Mendix Workflow Commons Module Improper Access Control Vulnerability

Siemens Mendix Workflow Commons Module provides out-of-the-box content to help you get started building workflows in Mendix. A security vulnerability exists in Siemens Mendix Workflow Commons Module due to a failure of the affected module version to properly handle access control for certain modul...

8.1 CVSS · 2.6 AI score · 0.00691 EPSS
Exploits 0 · References 1

OSV
added 2022/12/13 4:15 p.m. · 1 views

CVE-2022-46664

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow...

8.1 CVSS · 5.8 AI score · 0.00691 EPSS
Exploits 0 · References 1

NVD
added 2022/12/13 4:15 p.m. · 30 views

CVE-2022-46664

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow...

8.1 CVSS · 0.00691 EPSS
Exploits 0 · References 1

Prion
added 2022/12/13 4:15 p.m. · 13 views

Information disclosure

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow...

5.5 CVSS · 7.7 AI score · 0.00691 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2022/12/13 12:00 a.m. · 5 views

CVE-2022-46664

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow...

8.1 CVSS · 7.8 AI score · 0.00691 EPSS
Exploits 0 · References 1

ICS
added 2022/12/13 12:00 a.m. · 33 views

Siemens Mendix Workflow Commons

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

8.1 CVSS · 8.2 AI score · 0.00691 EPSS
Exploits 0 · References 11

CNNVD
added 2022/12/13 12:00 a.m. · 2 views

Mendix Workflow Commons Access Control Error Vulnerability

Siemens Mendix Workflow Commons Module provides out-of-the-box content to help you get started building workflows in Mendix. A security vulnerability exists in Siemens Mendix Workflow Commons Module due to a failure of the affected module version to properly handle access control for certain modul...

8.1 CVSS · 6.6 AI score · 0.00691 EPSS
Exploits 0 · References 2

Cvelist
added 2022/12/13 12:00 a.m. · 26 views

CVE-2022-46664

A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some module entities. This could allow...

8.1 CVSS · 8 AI score · 0.00691 EPSS
Exploits 0 · References 1

CVE
added 2022/12/13 12:00 a.m. · 51 views

CVE-2022-46664

CVE-2022-46664 affects Mendix Workflow Commons prior to v2.4.0 (and specific earlier sub-versions: v2.1 before 2.1.4; v2.3 before 2.3.2). The root cause is Improper Access Control for certain module entities, allowing authenticated remote attackers to read or delete sensitive information. Impact ...

8.1 CVSS · 7.7 AI score · 0.00691 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/12/13 12:00 a.m. · 2 views

PT-2022-27936 · Mendix · Mendix Workflow Commons

Name of the Vulnerable Software and Affected Versions: Mendix Workflow Commons versions prior to 2.4.0 Mendix Workflow Commons V2.1 versions prior to 2.1.4 Mendix Workflow Commons V2.3 versions prior to 2.3.2 Description: A vulnerability has been identified in the handling of access control for...

8.1 CVSS · 7.8 AI score · 0.00691 EPSS
Exploits 0 · References 2

IBM Security Bulletins
added 2022/12/12 9:53 a.m. · 24 views

Security Bulletin: Vulnerability which affects Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM)

Summary There is a vulnerability CVE-2021-29701 which affects Rational Team Concert RTC and IBM Engineering Workflow Management EWM. Vulnerability Details CVEID:CVE-2021-29701 DESCRIPTION: IBM Engineering Workflow Management could allow an authenticated attacker to obtain sensitive information fr...

4.3 CVSS · 4.1 AI score · 0.00704 EPSS
Exploits 0 · Affected Software 2