PT-2022-18558 · Cybozu · Cybozu Garoon
Name of the Vulnerable Software and Affected Versions: Cybozu Garoon versions 4.0.0 through 5.5.1 Description: The issue allows a remote authenticated attacker to bypass operation restrictions in the Workflow of Cybozu Garoon and alter the data of Workflow. Recommendations: For Cybozu Garoon...
Security Bulletin: Remote code execution vulnerability affect IBM Business Automation Workflow - CVE-2021-43138
Summary IBM Business Automation Workflow is vulnerable to a remote code execution attack. Vulnerability Details CVEID: CVE-2021-43138 DESCRIPTION: Async could allow a remote attacker to execute arbitrary code on the system, caused by prototype pollution in the mapValues method. By persuading a...
Risk-based Remediation Powered by Patch Management in Qualys VMDR 2.0
According to the recently released Verizon DBIR report, vulnerability exploitation continued to be one of the top three attack vectors exploited by bad actors in 2021 to break into organizations. As of this writing, it’s only June, but more than 10,000 vulnerabilities have already been disclosed ...
Security Bulletin: Rational Team Concert (RTC) and IBM Engineering Workflow Management (EWM) OpenSSL vulnerability CVE-2021-4044
Summary There is a vulnerability CVE-2021-4044 which affects Rational Team Concert RTC and IBM Engineering Workflow Management EWM. Vulnerability Details CVEID: CVE-2021-4044 DESCRIPTION: OpenSSL could allow a remote attacker to bypass security restrictions, caused by invalid handling of...
Malicious code in hope-workflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 464baa6efa4319832f76cd881686e330449c2bee41ed5f935cd0675e666a5be2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-3672 Malicious code in hope-workflow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 464baa6efa4319832f76cd881686e330449c2bee41ed5f935cd0675e666a5be2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for May 2022
Summary In addition to many updates of open source packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.2-IF011 and 21.0.3-IF009. Vulnerability Details CVEID: CVE-2021-44906 DESCRIPTION: Node.js Minimist module could allow a remote attacke...
The vulnerability of the Request Management & Workflow sub-component of the Oracle Identity Manager identity management software allows a malicious actor to gain unauthorized access to protected data.
The vulnerability of the Request Management & Workflow sub-component of the Oracle Identity Manager identity management software exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected...
Uncontrolled Resource Consumption
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...
The vulnerability of the Mailer Workflow Notification Mailer component of the Oracle Workflow software, a business automation system within the Oracle E-Business Suite. This component allows unauthorized access by attackers to protected information.
The vulnerability of the Mailer Workflow Notification Mailer component of the Oracle Workflow software in the Oracle E-Business Suite exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...
Design/Logic Flaw
Argo Events is an event-driven workflow automation framework for Kubernetes. Prior to version 1.7.1, several HandleRoute endpoints make use of the deprecated ioutil.ReadAll. ioutil.ReadAll reads all the data into memory. As such, an attacker who sends a large request to the Argo Events server wil...
CVE-2022-22361
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803,...
Cross site request forgery (csrf)
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803,...
CVE-2022-22361
CVE-2022-22361 affects IBM Cloud Pak for Business Automation and IBM Business Process Manager, where cross-site request forgery (CSRF) could allow an attacker to execute malicious actions on a trusted user’s behalf. Affected versions include IBM Business Automation Workflow traditional (21.0.1–21...
IBM Business Process Manager and IBM Business Automation Workflow cross-site request forgery vulnerability
IBM Business Process Manager BPM and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...
Security Bulletin: Cross-Site Request Forgery vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2022-22361
Summary Process Admin Console in IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a Cross-Site Request Forgery attack. Vulnerability Details CVEID: CVE-2022-22361 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site request forgery which cou...
CVE-2022-28862
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized and unexpected operations against the remo...