CVE-2022-38167

The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS...

CVE-2022-38167

Technical details (affected product/version, root cause, patch status) are not publicly provided in the connected documents; monitor for updates on CVE-2022-38167.

Default configuration

Vela is a Pipeline Automation CI/CD framework built on Linux container technology written in Golang. In Vela Server and Vela Worker prior to version 0.16.0 and Vela UI prior to version 0.17.0, some default configurations for Vela allow exploitation and container breakouts. Users should upgrade to...

Description of the security update for SharePoint Server 2019: September 13, 2022 (KB5002258)

Description of the security update for SharePoint Server 2019: September 13, 2022 KB5002258 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint remote code execution vulnerability. To learn more about the vulnerabilities...

Description of the security update for SharePoint Foundation 2013: September 13, 2022 (KB5002267)

Description of the security update for SharePoint Foundation 2013: September 13, 2022 KB5002267 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint remote code execution vulnerability. To learn more about the...

Description of the security update for SharePoint Enterprise Server 2016: September 13, 2022 (KB5002269)

Description of the security update for SharePoint Enterprise Server 2016: September 13, 2022 KB5002269 Summary This security update resolves a Microsoft SharePoint Server remote code execution vulnerability and Microsoft SharePoint remote code execution vulnerability. To learn more about the...

IBM Business Automation Workflow Information Disclosure Vulnerability

IBM Business Automation Workflow is a workflow automation solution from IBM in the United States. The product is primarily used for workflow management, compliance management, and has features such as workflow visibility and scalability.An information disclosure vulnerability exists in multiple...

CVE-2022-35279

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537."...

Design/Logic Flaw

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537."...

IBM Business Automation Workflow 安全漏洞

IBM Business Automation Workflow is a workflow automation solution from IBM in the United States. The product is primarily used for workflow management, compliance management, and has features such as workflow visibility and scalability.An information disclosure vulnerability exists in multiple...

CVE-2022-35279

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537."...

CVE-2022-35279

CVE-2022-35279 affects IBM Business Automation Workflow (containers and traditional deployments). The issue is an information-disclosure vulnerability where authenticated users could learn sensitive version information, which could facilitate further attacks. Affected products/versions include IB...

CVE-2022-35279

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537."...

Apache DolphinScheduler Path Traversal Vulnerability (CNVD-2022-78865)

Apache DolphinScheduler, a distributed DAG visualization-based workflow task scheduling system from the Apache Foundation, is vulnerable to a path traversal vulnerability in versions prior to Apache DolphinScheduler 3.0.0, which stems from a path traversal when a user adds a resource to the...

Security Bulletin: XML External Entity Injection vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2014-3004

Summary IBM Business Automation Workflow is vulnerable to a XML External Entity Injection attack. Vulnerability Details CVEID:CVE-2014-3004 DESCRIPTION: Castor Library could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error when processi...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2022-40750)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2022-34165)

Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2022-34917

Summary Event emitters for Business Automation Insights in IBM Business Automation Workflow are affected by a Denial of Service attack. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID:CVE-2022-32222 DESCRIPTION: Node.js could allow a...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow (CVE-2022-37734)

Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...