CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2021/06/28 4:15 p.m.•19 views

CVE-2021-29751

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779...

4.3CVSS0.0085EPSS

OSV•added 2021/06/28 4:15 p.m.•2 views

CVE-2021-29775

IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

5.4CVSS5.4AI score

OSV•added 2021/06/28 4:15 p.m.•2 views

CVE-2021-29751

4.3CVSS5.8AI score0.0085EPSS

NVD•added 2021/06/28 4:15 p.m.•12 views

CVE-2021-29775

6.4CVSS0.00876EPSS

Prion•added 2021/06/28 4:15 p.m.•17 views

Code injection

3.5CVSS4AI score0.0085EPSS

Prion•added 2021/06/28 4:15 p.m.•14 views

Cross site scripting

4.3CVSS5.2AI score0.00876EPSS

CVE•added 2021/06/28 3:55 p.m.•57 views

CVE-2021-29775

CVE-2021-29775 affects IBM Cloud Pak for Automation and IBM Business Automation Workflow. Concrete details across connected sources show a cross-site scripting vulnerability in the Web UI that allows embedding arbitrary JavaScript, potentially leading to credentials disclosure within a trusted se...

6.4CVSS5.4AI score0.00876EPSS

Cvelist•added 2021/06/28 3:55 p.m.•16 views

CVE-2021-29751

3.1CVSS4.3AI score0.0085EPSS

CVE•added 2021/06/28 3:55 p.m.•52 views

CVE-2021-29751

IBM Business Automation Workflow 18.0, 19.0, 20.0 and IBM Business Process Manager 8.5, 8.6 are affected by an access control error that could allow an authenticated user to obtain sensitive information about another user in non-default configurations. Root cause described across connected source...

4.3CVSS4.4AI score0.0085EPSS

IBM Security Bulletins•added 2021/06/25 8:42 a.m.•46 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL cou...

9.8CVSS1AI score0.69062EPSS

Exploits5Affected Software4

IBM Security Bulletins•added 2021/06/25 6:15 a.m.•17 views

Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow are vulnerable to a Cross-Site Scripting attack. Vulnerability Details CVEID: CVE-2021-29775 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI...

6.4CVSS1.6AI score0.00876EPSS

Exploits0Affected Software4

IBM Security Bulletins•added 2021/06/25 6:13 a.m.•23 views

Security Bulletin: Incorrect authorization in IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary IBM Business Process Manager and IBM Business Automation Workflow allow an authenticated user to obtain sensitive information about another user. Vulnerability Details CVEID: CVE-2021-29751 DESCRIPTION: IBM Business Automation Workflow could allow an authenticated user to obtain sensitive...

4.3CVSS0.8AI score0.0085EPSS

Exploits0Affected Software4

CNNVD•added 2021/06/25 12:0 a.m.•2 views

IBM Business Process Manager和IBM Business Automation Workflow 访问控制错误漏洞

4.3CVSS5.6AI score0.0085EPSS

Exploits0References4

Zero Day Initiative•added 2021/06/23 12:0 a.m.•77 views

Microsoft SharePoint WorkflowCompilerInternal Exposed Dangerous Function Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft SharePoint. Authentication is required to exploit this vulnerability. The specific flaw exists within the System.Workflow.ComponentModel.Compiler.WorkflowCompilerInternal class. This class...

7.5CVSS4AI score0.02962EPSS

Exploits0References1

Gitee•added 2021/06/22 3:15 p.m.•3 views

vulhub

This repository is an offensive tool for vulnerability research and exploitation. It contains a collection of vulnerable applications and services, along with proof-of-concept PoC exploits and tools for exploiting them. The repository is maintained by phith0n and is available on GitHub. The...

7.5AI score

The Hacker News•added 2021/06/18 7:20 a.m.•50 views

Google Releases New Framework to Prevent Software Supply Chain Attacks

As software supply chain attacks emerge as a point of concern in the wake of SolarWinds and Codecov security incidents, Google is proposing a solution to ensure the integrity of software packages and prevent unauthorized modifications. Called "Supply chain Levels for Software Artifacts" SLSA, and...

0.1AI score

Trend Micro Simply Security•added 2021/06/17 12:0 a.m.•18 views

Prove PCI DSS Compliance with Automation

Meet PCI DSS compliance needs without interrupting your workflow...

4AI score