Lucene search
K

4580 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/01/16 7:5 a.m.38 views

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM® SDK, Java™ Technology Edition are affected by multiple vulnerabilities (CVE-2022-21628, CVE-2022-21626, CVE-2022-21624, CVE-2022-21619)

Summary This covers all applicable Java SE CVEs published by Oracle as part of their October 2022 Critical Patch Update. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering Lifecycle...

5.3CVSS5.3AI score0.02376EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/01/09 5:15 p.m.4 views

CVE-2022-46258

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...

6.5CVSS5.8AI score0.0056EPSS
Exploits0References4
NVD
NVD
added 2023/01/09 5:15 p.m.38 views

CVE-2022-46258

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...

6.5CVSS6.3AI score0.0056EPSS
Exploits0References4
Prion
Prion
added 2023/01/09 5:15 p.m.23 views

Authorization

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...

4CVSS6.3AI score0.0056EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/09 4:57 p.m.112 views

Security Bulletin: Code injection vulnerability affect IBM Business Automation Workflow (CVE-2022-42920)

Summary IBM Business Automation Workflow packages Apache Commons BCEL. A code injection vulnerability affecting BCEL was reported. CVE-2022-42920 Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an...

9.8CVSS9.8AI score0.02836EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/09 4:54 p.m.59 views

Security Bulletin: Cross-Site Request Forgery vulnerability affects IBM Business Automation Workflow - CVE-2022-42435

Summary IBM Business Automation Workflow is vulnerable to a Cross-Site Request Forgery attack. Vulnerability Details CVEID:CVE-2022-42435 DESCRIPTION: IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is...

8.8CVSS6.5AI score0.00257EPSS
Exploits0Affected Software1
Cvelist
Cvelist
added 2023/01/09 12:0 a.m.47 views

CVE-2022-46258 Incorrect Authorization in GitHub Enterprise Server leads to Action Workflow modifications without Workflow Scope

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...

6.5AI score0.0056EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/01/09 12:0 a.m.9 views

PT-2023-14888 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.7 GitHub Enterprise Server versions 3.3 through 3.3.15 GitHub Enterprise Server versions 3.4 through 3.4.10 GitHub Enterprise Server versions 3.5 through 3.5.7 GitHub Enterprise Server versions 3.6...

6.5CVSS7.2AI score0.0056EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2023/01/09 12:0 a.m.9 views

CVE-2022-46258 Incorrect Authorization in GitHub Enterprise Server leads to Action Workflow modifications without Workflow Scope

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...

6.5AI score0.0056EPSS
Exploits0References4
CVE
CVE
added 2023/01/09 12:0 a.m.66 views

CVE-2022-46258

CVE-2022-46258 describes an incorrect authorization in GitHub Enterprise Server where a repository-scoped token with read/write access could modify Action Workflow files without a Workflow scope. Affected: all versions before 3.7. Fixes were released in 3.3.16, 3.4.11, 3.5.8, and 3.6.4. Practical...

6.5CVSS6.2AI score0.0056EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.6 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.7. An attacker...

6.5CVSS6.5AI score0.0056EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/01/06 12:0 a.m.7 views

Red Hat Keycloak 授权问题漏洞

Red Hat Keycloak is a suite of software from Red Hat, Inc. that provides authentication and management capabilities for modern applications and services. A security vulnerability exists in Red Hat Keycloak that stems from an improperly implemented behavioral workflow that allows an attacker to...

6.5CVSS6.4AI score0.007EPSS
Exploits0References4
NVD
NVD
added 2023/01/04 12:15 a.m.23 views

CVE-2022-42435

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...

8.8CVSS6.4AI score0.00257EPSS
Exploits0References2
OSV
OSV
added 2023/01/04 12:15 a.m.3 views

CVE-2022-42435

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...

8.8CVSS5.7AI score0.00257EPSS
Exploits0References2
Prion
Prion
added 2023/01/04 12:15 a.m.23 views

Cross site request forgery (csrf)

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...

6.8CVSS8.4AI score0.00257EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/01/03 11:16 p.m.31 views

CVE-2022-42435 IBM Business Automation Workflow cross-site request forgery

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...

4.3CVSS8.4AI score0.00257EPSS
Exploits0References2
CVE
CVE
added 2023/01/03 11:16 p.m.82 views

CVE-2022-42435

IBM Business Automation Workflow (versions 18.0.0 through 22.0.1) is affected by CVE-2022-42435, a Cross-Site Request Forgery vulnerability. The issue affects both containers (various 20.x–22.x releases) and traditional deployments (18.x–22.0.1) with the highest impact described as the ability fo...

8.8CVSS6.4AI score0.00257EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/03 11:16 p.m.10 views

CVE-2022-42435 IBM Business Automation Workflow cross-site request forgery

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...

4.3CVSS6.6AI score0.00257EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2023/01/03 3:55 p.m.49 views

Security Bulletin: Multiple vulnerabilities within Jackson JSON library affect IBM Business Automation Workflow (CVE-2017-17485, CVE-2018-5968, CVE-2018-7489)

Summary Multiple security vulnerabilities have been reported for Jackson JSON library that is used by IBM Business Automation Workflow. Vulnerability Details CVEID: CVE-2018-7489 DESCRIPTION: FasterXML jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused ...

9.8CVSS8.9AI score0.49727EPSS
Exploits1Affected Software5
CNNVD
CNNVD
added 2023/01/03 12:0 a.m.7 views

IBM Business Automation Workflow 跨站请求伪造漏洞

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. A cross-site request forgery vulnerability exists ...

8.8CVSS7.8AI score0.00257EPSS
Exploits0References4
Rows per page
Query Builder