com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +38 more potentially affected by CVE-2022-25182 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.7)
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =2.2.0, =1.0, =1.0, =1.0, =0.1-beta-5, =2.5 and more Source cves: CVE-2022-25182 Source advisory: OSV:GHSA-7RCW-FWFH-2H2G...
org.jenkins-ci.plugins.workflow:workflow-aggregator (>=2.0 <=2.2), org.jenkins-ci.plugins:token-macro (=2.2) +1 more potentially affected by CVE-2022-25184 via org.jenkins-ci.plugins:pipeline-build-step (>=2.0 <=2.1)
org.jenkins-ci.plugins:pipeline-build-step MAVEN version =2.0, =2.0, =1.0.0, =1.0.8 Source cves: CVE-2022-25184 Source advisory: OSV:GHSA-G84F-CMC8-682C...
Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-38900
Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack, potentially revealing sensitive information to an administrator. Vulnerability Details CVEID: CVE-2021-38900 DESCRIPTION: IBM Business Process Manager 8.5 and 8.6 and IBM...
CVE-2021-43929
Improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability in work flow management in Synology DiskStation Manager DSM before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Design/Logic Flaw
Improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability in work flow management in Synology DiskStation Manager DSM before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
pwnKit About: Title: pwnKit Description: Privilege esc...
Security Bulletin: Denial of Service vulnerability in sanitize-html affects IBM Business Automation Workflow (CVE-2021-23382)
Summary A denial of service vulnerability in sanitize-html affects IBM Business Automation Workflow Workflow Center. Vulnerability Details CVEID: CVE-2021-23382 DESCRIPTION: Node.js postcss module is vulnerable to a denial of service, caused by a regular expression denial of Service ReDoS flaw in...
Security Bulletin: Vulnerabilities in Node.js affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-22960, CVE-2021-22959
Summary Configuration Editor in IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to an HTTP request smuggling attack. Vulnerability Details CVEID: CVE-2021-22960 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by an error when parsing the body o...
PT-2022-12315 · Apache · Apache Airflow
Name of the Vulnerable Software and Affected Versions: Apache Airflow versions prior to 2.2.0 Description: The issue affects users with "can create" permissions on DAG Runs, allowing them to create Dag Runs for dags they don't have "edit" permissions for. This is a specific case where the user's...
Unspecified vulnerability in Delta RM (CNVD-2022-10709)
Delta RM is a simple and effective risk management tool from Delta RM France. It is used to simplify risk management methods and save time. A security vulnerability exists in Delta RM 1.2 that stems from the lack of access control on an insecure workflow reset endpoint and the fact that an unauthorize...
Design/Logic Flaw
An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking access controls, and it is possible for an unprivileged user to reopen a risk with a POST request, using the risqueID parameter to identify the risk to be re-opened...
Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4516
Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a cross-site scripting attack. Vulnerability Details CVEID: CVE-2020-4516 DESCRIPTION: IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to cross-site scripting. This...
Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow - CVE-2020-4757, PSIRT-ADV0028011, CVE-2020-4934
Summary The embedded IBM Content Navigator that is shipped with IBM Business Automation Workflow is vulnerable to several security vulnerabilities. Vulnerability Details CVEID: CVE-2020-4934 DESCRIPTION: IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the...
entfrm-bpmn (>=8.6.2 <=8.6.6), entfrm-flowable-designer (>=1.0.0 <=1.2.6) +4 more potentially affected by CVE-2021-23460 via min-dash (=3.5.2)
min-dash NPM version =3.5.2 is affected by a known vulnerability. The following packages have a transitive dependency on min-dash and may be impacted: - entfrm-bpmn =8.6.2, =1.0.0, =2.2.0, =1.0.0, =1.1.3 Source cves: CVE-2021-23460 Source advisory: SNYK:JS-MINDASH-2340605...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
Security Bulletin: IBM Business Automation Workflow is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)
Summary Multiple Apache Log4j vulnerabilities impact Process Federation Server that is shipped with IBM Business Automation Workflow. This vulnerability includes Apache Log4j v2.17. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused b...
com.groupon.jenkins-ci.plugins:DotCi (>=1.1.1 <=2.36.2), com.groupon.jenkins-ci.plugins:DotCi-DockerPublish (>=1.0.0 <=1.0.3) +10 more potentially affected by CVE-2022-20615 via org.jenkins-ci.plugins:matrix-project (=1.2)
org.jenkins-ci.plugins:matrix-project MAVEN version =1.2 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:matrix-project and may be impacted: - com.groupon.jenkins-ci.plugins:DotCi =1.1.1, =1.0.0, =1.0.1, =1.1.3, =1.1.0, =1.0.0,...
com.nirima:docker-plugin (>=0.17 <=1.0.4), com.testinium.jenkins:testinium (=1.0) +39 more potentially affected by CVE-2022-20616 via org.jenkins-ci.plugins:credentials-binding (>=1.10 <=1.24)
org.jenkins-ci.plugins:credentials-binding MAVEN version =1.10, =0.17, =1.0.43, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.1-preview-1, =1.2.7, =0.1.0, =0.1.1, =0.4.2 and more Source cves: CVE-2022-20616 Source advisory: OSV:GHSA-GQM2-2GCX-P88W...
IBM Engineering Workflow Management has an unspecified vulnerability
IBM Engineering Workflow Management is an engineering lifecycle management solution software for project management from IBM U.S.A. A security vulnerability exists in IBM Engineering Workflow Management, which can be exploited by authenticated attackers to gain access to sensitive information...
Security Bulletin: A Remote Attack Vulnerability in Apache Log4j affects Engineering Lifecycle Management and IBM Engineering products
Summary There is a high risk Remote Attack Vulnerability in Apache Log4j CVE-2021-44228 which is used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Workflow Management EWM, IBM Engineering Systems...