4541 matches found
CVE-2022-28862
In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized and unexpected operations against the remo...
ARCHIBUS Web Central SQL Injection Vulnerability
ARCHIBUS Web Central is a web-based network management center for ARCHIBUS that organizes facilities and infrastructure management tasks in an intuitive web browser interface. All infrastructure data is stored in a centralized repository so that authorized users from anywhere in the world can...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the currentURL parameter on the Portal Workflow module's edit process page, which is accepted and rendered without sanitization. Details: Cross-site scripting or XSS is a code vulnerability that occurs when a...
GHSA-W28V-87G6-CJR6 Liferay DXP Vulnerable to Cross-Site Scripting (XSS) via the currentURL Parameter
Cross-site scripting (XSS) vulnerability in the Portal Workflow module's edit process page in Liferay DXP 7.0 before fix pack 99, 7.1 before fix pack 23, 7.2 before fix pack 12 and 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the currentURL parameter...
Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs...
GHSA-G7XC-M762-WG8F Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions
The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which allows remote authenticated users to view and delete workflow submissions via crafted URLs...
Security Bulletin: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities
Summary: Node.js as used by IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM is vulnerable to multiple vulnerabilities. IBM Security QRadar Analyst Workflow App for IBM QRadar SIEM has addressed the applicable CVEs. Vulnerability Details: CVEID: CVE-2020-28469 DESCRIPTION: Node.js...
OpenStack Horizon Open redirect in workflow forms
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the "next" parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provid...
OpenStack Mistral DoS
A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +38 more potentially affected by CVE-2020-2181 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.18)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2020-2181 Source advisory: OSV:GHSA-43J2-R4V3-M8JP...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.logmein:pipeline-bamboo (>=0.0.1 <=0.0.2) +93 more potentially affected by CVE-2020-2109 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2.74)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =0.0.1, =8.0.12, =0.8, =1.0.14, =1.3.0, =1.0, =0.9.0, =1.0, =1.22, =0.0.8, =y - io.fabric8.pipeline:kubernetes-pipeline-aggregator =1.3 and more Source cves: CVE-2020-2109 Source advisory: OSV:GHSA-99MF-F3QH-WQRP...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +15 more potentially affected by CVE-2019-10357 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.11)
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0, =1.0, =1.0, =0.1-beta-5, =1.12.1, =2.2, =1.0.4, =0.1, =1.0, =1.0, =1.18, =1.20 and more Source cves: CVE-2019-10357 Source advisory: OSV:GHSA-9X5V-8352-244G...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +37 more potentially affected by CVE-2019-1010241 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.16)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2019-1010241 Source advisory: SNYK:JAVA-ORGJENKINSCIPLUGINS-9402853...
com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.openshift.jenkins:openshift-pipeline (>=1.0.14 <=1.0.57) +39 more potentially affected by CVE-2022-30945 via org.jenkins-ci.plugins.workflow:workflow-cps (>=0.1-beta-1 <=2660.vb_c0412dc4e6d)
org.jenkins-ci.plugins.workflow:workflow-cps MAVEN version =0.1-beta-1, =1.9.2-beta, =1.0.14, =1.3.0, =0.9.0, =1.22, =1.0, =1.0, =1.0, =0.1-beta-1, =0.1-beta-5, =1.9-beta-1, =2.3 and more Source cves: CVE-2022-30945 Source advisory: OSV:GHSA-2XVX-RW9P-XGFC...
Cybozu Garoon Authorization Issue Vulnerability (CNVD-2022-54304)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. An authorization issue vulnerability exists in Cybozu Garoon, which stems from improper privilege management in...
Multiple vulnerabilities in Cybozu Garoon
Overview: Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1584, CyVDB-2670: Operation restriction bypass vulnerability in Bulletin (CWE-285) - CVE-2022-28718; CyVDB-1865, CyVDB-2692: Operation restriction bypass vulnerability in Workflow (CWE-285) - CVE-2022-27661...
JVN#73897863: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. CyVDB-1584, CyVDB-2670: Operation restriction bypass vulnerability in Bulletin (CWE-285) - CVE-2022-28718

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | Base Score: 4.3
CVS...
Cybozu Garoon Security Vulnerability
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. An authorization issue vulnerability exists in Cybozu Garoon, which stems from improper privilege management in...
com.bmc.ims:bmc-cfa (=198.vfe106798d1a6), com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9) +135 more potentially affected by CVE-2018-1000058 via org.jenkins-ci.plugins.workflow:workflow-support (>=0.1-beta-1 <=2.17)
org.jenkins-ci.plugins.workflow:workflow-support MAVEN version =0.1-beta-1, =1.9.2-beta, =8.0.12, =0.8, =1.0.14, =1.0, =1.3.0, =1.0, =1.0, =0.9.0, =1.14, =3.11, =3.14 and more Source cves: CVE-2018-1000058 Source advisory: OSV:GHSA-P3G4-9XFV-WQ9V...
Security Bulletin: IBM Case Manager is vulnerable to cross-site scripting - CVE-2020-4768
Summary: IBM Case Manager is vulnerable to a cross-site scripting attack with the Case package functionality. Vulnerability Details: CVEID: CVE-2020-4768 DESCRIPTION: IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This...