Logic Flaw Vulnerability in Galloping Workflow Engine CCBMP Workflow Management System, Process Designer System

Jinan Chidori Information Technology Co., Ltd. specializes in process engine form engine research and development and innovation. A logic flaw vulnerability exists in the workflow engine CCBMP workflow management system and process designer system. An attacker can utilize the vulnerability to...

Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow - CVE-2020-4687, CVE-2020-4760, CVE-2020-4704

Summary The embedded IBM Content Navigator, that is shipped with IBM Business Automation Workflow is vulnerable to several security vulnerabilities. Vulnerability Details CVEID: CVE-2020-13956 DESCRIPTION: Apache HttpClient could allow a remote attacker to bypass security restrictions, caused by...

Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow - CVE-2021-20358

Summary IBM Business Automation Workflow may leak sensitive information in trace when emitting events for Business Automation Insights. Vulnerability Details CVEID: CVE-2021-20358 DESCRIPTION: IBM Business Automation Insights stores potentially sensitive information in clear text in API connectio...

IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2021-14750)

IBM Engineering Workflow Management EWM is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is Github an open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that allows bypassing restrictions tha...

IBM Engineering Workflow Management 跨站脚本漏洞

IBM Engineering Workflow Management EWM is a team collaboration tool that integrates a variety of development tasks, including iteration planning, process definition, change management, defect tracking, source code control, build automation, and reporting. A cross-site scripting vulnerability...

Argo Code Issues Vulnerabilities

Argo is an open source container native workflow engine. A code issue vulnerability exists in Argo CD versions prior to 1.8.4, which stems from the incorrect handling of Token in the util/session/sessionmanager.go file, resulting in the Token remaining valid after the user is unavailable. No...

Security Bulletin: Multiple CVEs - Vulnerabilities in IBM Java Runtime affect IBM Integration Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary Vulnerabilities in IBM® Runtime Environment Java™ Versions 7 and 8 used by IBM Integration Designer. IBM Integration Designer has addressed the following CVEs. Vulnerability Details CVEID: CVE-2020-14782 DESCRIPTION: An unspecified vulnerability in Java SE related to the Libraries compone...

Apache Airflow Access Control Error Vulnerability

Apache Airflow is an Apache project maintained by the open source community dedicated to scheduling and monitoring workflows, open sourced by Airbnb in October 2014 and graduated from the Apache Foundation in January 2019 to become the new Apache top-level project. Failure of proper access contro...

Security Bulletin: OpenSSL vulnerability affects IBM Engineering Workflow Management

Summary OpenSSL has a security vulnerability that allows a remote attacker to exploit the application. OpenSSL is used by Rational BuildForge Agent shipped with IBM Engineering Workflow Management. Rational BuildForge has addressed the applicable CVE. Vulnerability Details CVEID: CVE-2019-1551...

CVE-2021-23338

This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function...

PYSEC-2021-86

This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function...

PYSEC-2021-86

This affects all versions of package qlib. The workflow function in cli part of qlib was using an unsafe YAML load function...

CVE-2021-23338

CVE-2021-23338 affects all versions of the qlib package. The CLI workflow function uses an unsafe YAML load, enabling Deserialization of Untrusted Data. There is no explicit exploitation detail provided in the initial documents. Several connected advisories corroborate a Deserialization of Untrus...

Qlib Security Vulnerabilities

A security vulnerability exists in all versions of qlib that stems from the use of insecure YAML load functions for workflow functions...

CVE-2020-4768

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVE-2020-4768

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

Cross site scripting

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVE-2020-4768

IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

CVE-2020-4768

IBM CVE-2020-4768 affects IBM Case Manager and IBM Business Automation Workflow. The issue is a cross-site scripting vulnerability in the Web UI that could allow embedding arbitrary JavaScript and potentially disclose credentials within a trusted session. Affected products/versions include IBM Ca...