4540 matches found

Cvelist
added 2021/10/22 7:00 p.m. | 17 views

CVE-2021-29835

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4 CVSS | 5.9 AI score | 0.00616 EPSS
Exploits 0 | References 2

CVE
added 2021/10/22 7:00 p.m. | 49 views

CVE-2021-29835

IBM Business Automation Workflow (IBM Cloud Pak for Business Automation) is affected by CVE-2021-29835: cross-site scripting in the Web UI for versions 18.0–21.0. The root cause is improper handling of UI input leading to JavaScript injection, with potential credential exposure in a trusted sessi...

6.1 CVSS | 5.8 AI score | 0.00616 EPSS
Exploits 0 | References 2 | Affected Software 1

IBM Security Bulletins
added 2021/10/21 7:45 a.m. | 25 views

Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow - CVE-2021-29835

Summary IBM Business Automation Workflow are vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID: CVE-2021-29835 DESCRIPTION: IBM Business Automation Workflow and IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed...

6.1 CVSS | 1.5 AI score | 0.00616 EPSS
Exploits 0 | Affected Software 4

CNNVD
added 2021/10/21 12:00 a.m. | 3 views

IBM Business Process Manager and IBM Business Automation Workflow Cross-Site Scripting Vulnerability

IBM Business Automation Workflow is a workflow automation solution. The product is mainly used for workflow management, compliance management, and has features such as workflow visibility and scalability. IBM Business Automation Workflow has a cross-site scripting vulnerability that can be...

6.1 CVSS | 5.5 AI score | 0.00616 EPSS
Exploits 0 | References 4

Zero Day Initiative
added 2021/10/21 12:00 a.m. | 49 views

Microsoft SharePoint Workflow Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of custom workflows. The issue results from the lack of proper validation ...

8.8 CVSS | 4.3 AI score | 0.06131 EPSS
Exploits 0 | References 1

Prion
added 2021/10/20 11:16 a.m. | 20 views

Design/Logic Flaw

Vulnerability in the Oracle Shipping Execution product of Oracle E-Business Suite component: Workflow Events. Supported versions that are affected are 12.2.6-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Shipping...

8.5 CVSS | 8.1 AI score | 0.0154 EPSS
Exploits 0 | References 1 | Affected Software 1

CVE
added 2021/10/20 10:50 a.m. | 44 views

CVE-2021-35563

CVE-2021-35563 affects Oracle Shipping Execution in Oracle E-Business Suite (component: Workflow Events). Affected versions: 12.2.6–12.2.10. The vulnerability allows a low-privileged, network-accessible attacker over HTTP to compromise data, enabling unauthorized creation, deletion, or modificati...

8.5 CVSS | 7.7 AI score | 0.0154 EPSS
Exploits 0 | References 1 | Affected Software 1

CNVD
added 2021/10/19 12:00 a.m. | 16 views

IBM Business Automation Workflow Cross-Site Scripting Vulnerability

IBM Business Automation Workflow is a workflow automation solution from IBM Corporation. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. IBM Business Automation Workflow suffers from a cross-site scripting vulnerabilit...

3.5 CVSS | 4.2 AI score | 0.00515 EPSS
Exploits 0

NVD
added 2021/10/18 5:15 p.m. | 16 views

CVE-2021-29878

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4 CVSS | 0.00515 EPSS
Exploits 0 | References 2

Prion
added 2021/10/18 5:15 p.m. | 11 views

Cross site scripting

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

3.5 CVSS | 5.2 AI score | 0.00515 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2021/10/18 4:35 p.m. | 19 views

CVE-2021-29878

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...

5.4 CVSS | 5.3 AI score | 0.00515 EPSS
Exploits 0 | References 2

CVE
added 2021/10/18 4:35 p.m. | 43 views

CVE-2021-29878

IBM BUSINESS AUTOMATION WORKFLOW is affected by CVE-2021-29878, a cross-site scripting vulnerability in Case Builder within Workflow Center. The issue stems from insufficient validation/escaping of user-supplied parameters in the Web UI, enabling an attacker to embed arbitrary JavaScript and pote...

5.4 CVSS | 5.2 AI score | 0.00515 EPSS
Exploits 0 | References 2 | Affected Software 1

Huntr
added 2021/10/18 11:38 a.m. | 7 views

in tsolucio/corebos

Description Just like last report of mine there is another improper privilege management that test user can see other users special workflow contents like Tasks just go to this link that belong to admin from another users account...

2.7 AI score
Exploits 0

Huntr
added 2021/10/18 11:16 a.m. | 23 views

Cross-Site Request Forgery (CSRF) in tsolucio/corebos

Description Hey Corebos team An attacker able to delete a workFlow as there isn't exist any CSRF token for it. //PoC.html history.pushState'', '', '/' document.forms0.submit; after that you open the PoC.html file the workflow with id equal to 27 will be deleted...

1.7 AI score
Exploits 0

IBM Security Bulletins
added 2021/10/15 4:21 p.m. | 18 views

Security Bulletin: Cross site scripting vulnerability affecting Case Builder in IBM Business Automation Workflow - CVE-2021-29878

Summary IBM Business Automation Workflow Case Builder in Workflow Center is vulnerable to cross site scripting. Vulnerability Details CVEID: CVE-2021-29878 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

5.4 CVSS | 1.2 AI score | 0.00515 EPSS
Exploits 0 | Affected Software 1

Gitee
added 2021/10/15 9:21 a.m. | 2 views

vulhub1

This repository is an offensive tool for vulnerability research and exploitation, specifically targeting various web applications and services. It contains a collection of exploits and tools for identifying and exploiting vulnerabilities in software and systems. The repository includes a variety ...

7.7 AI score
Exploits 0

CNVD
added 2021/10/14 12:00 a.m. | 10 views

VMware vRealize Orchestrator Open Redirect Vulnerability

VMware vRealize Orchestrator is a modern workflow automation platform that simplifies and automates complex data center infrastructure processes. VMware vRealize Orchestrator has an open redirection vulnerability that could be exploited by an attacker to redirect victims to an attacker-controlled...

6.5 CVSS | 2.9 AI score | 0.00895 EPSS
Exploits 0 | References 1

NVD
added 2021/10/01 1:15 p.m. | 6 views

CVE-2021-41110

cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de dated 2021-09-30 contains a patch. There are no available workarounds asid...

9.8 CVSS | 0.02724 EPSS
Exploits 1 | References 3

OSV
added 2021/10/01 1:15 p.m. | 13 views

CVE-2021-41110

cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de dated 2021-09-30 contains a patch. There are no available workarounds asid...

9.8 CVSS | 6.7 AI score
Exploits 0 | References 3

Prion
added 2021/10/01 1:15 p.m. | 9 views

Deserialization of untrusted data

cwlviewer is a web application to view and share Common Workflow Language workflows. Versions prior to 1.3.1 contain a Deserialization of Untrusted Data vulnerability. Commit number f6066f09edb70033a2ce80200e9fa9e70a5c29de dated 2021-09-30 contains a patch. There are no available workarounds asid...

7.5 CVSS | 9.2 AI score | 0.02724 EPSS
Exploits 1 | References 3 | Affected Software 1