Your guide to mobile digital forensics

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Security Product Marketing Manager Natalia Godyla talks with Cellebrite Senior Director of...

JAMF Jamf Pro 代码问题漏洞

JAMF Jamf Pro is an Apple device management solution from Jamf America JAMF. A security vulnerability exists in Jamf Pro that stems from an issue discovered in Jamf Pro prior to 10.32.0, PI-009921, where incorrect privileges may be granted to an account in response to authentication using a...

Commvault CommCell Remote Code Execution Vulnerability

Commvault CommCell enables fast, large-scale backup and recovery of virtual machines, structured and unstructured data.A remote code execution vulnerability exists in the DemoExecuteProcessOnGroup workflow in versions of Commvault CommCell prior to 11.25, which could be exploited by an attacker t...

JetBrains YouTrack has an unspecified vulnerability (CNVD-2021-91664)

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software features bug tracking, creating workflows, and monitoring project progress.JetBrains YouTrack Mobile 2021.2 previously had a security vulnerability that stemmed from...

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with exploits and tools to demonstrate their vulnerabilities. The primary vulnerability targeted by this repository is not explicitly stated, b...

nuclei-templates

This repository is an offensive tool for nuclei templates, which are used to find security vulnerabilities in applications. The primary CVE ID present in the context is not explicitly mentioned, but the repository contains a workflow for CVE annotation. The target product/service or framework is...

IBM Business Automation Workflow has an unspecified vulnerability

IBM Business Automation Workflow is a workflow automation solution from IBM Corporation in the United States. The product is primarily used for workflow management, compliance management, and has features such as workflow visibility and scalability.IBM Business Automation Workflow has a security...

CVE-2021-29753

IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

Authentication flaw

IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

CVE-2021-29753

CVE-2021-29753 affects IBM Cloud Pak for Automation and IBM BPM. Affected: IBM Cloud Pak for Automation (V18.0–V21.0) with BPM V8.5–V8.6. Description: the products “transmit or store authentication credentials” using an insecure method, enabling potential unauthorized interception and retrieval o...

CVE-2021-29753

IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-29753

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack. Vulnerability Details CVEID: CVE-2021-29753 DESCRIPTION: IBM Business Automation Workflow transmits or stores authentication credentials, but it uses an insecure method th...

IBM Business Automation Workflow 安全漏洞

IBM Business Automation Workflow is a workflow automation solution from IBM Corporation in the United States. The product is primarily used for workflow management, compliance management, and has features such as workflow visibility and scalability.IBM Business Automation Workflow has a security...

Communities and collections administrators can escalate their privilege up to system administrator

Impact Any community or collection administrator can escalate their permission up to become system administrator. This vulnerability only existed in 7.0 and does not impact 6.x or below. Patches Fix is included in 7.1. Please upgrade to 7.1 at your earliest convenience. Workarounds In 7.0,...

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description Hey corebos team, in the meanwhile I find another low level CSRF. attacker can activate/deactivate a Task of workflow with CSRF attack. Proof of Concept // PoC.html history.pushState'', '', '/'...

CVE-2021-41189

CVE-2021-41189 affects DSpace 7.0; any community/collection administrator can escalate to system administrator due to a privilege elevation issue. The vulnerability is limited to 7.0 and is not present in 6.x or earlier. It is patched in 7.1. Workarounds in 7.0 include disabling community/collect...

Security Bulletin: Multiple vulnerabilites affect Engineering Lifecycle Management and IBM Engineering products.

Summary There are multiple vulnerabilities that are used by IBM Jazz Team Server affecting the following IBM Jazz Team Server based Applications: Engineering Lifecycle Management ELM, IBM Engineering Requirements Management DOORS Next DOORS Next, IBM Engineering Workflow Management EWM, IBM...

Vulnerability On-Demand Search Reporting & Easy Download options

Vulnerability reporting is different from any other aspect of a Vulnerability Management Program. The methodologies of Discover, Assess, Report and Remediate are critical components that should be included in the respective sections of a Vulnerability Report. Qualys VMDR Vulnerability Management...

IBM Business Automation Workflow Cross-Site Scripting Vulnerability (CNVD-2021-94166)

IBM Business Automation Workflow is a workflow automation solution. The product is mainly used for workflow management, compliance management, and has features such as workflow visibility and scalability. IBM Business Automation Workflow has a cross-site scripting vulnerability that can be...

CVE-2021-29835

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...