Tangro Business Workflow 授权问题漏洞

Tangro Business Workflow is a German Tangro company's internal control of the contents of SAP documents and the approval process for the visual drawing of the software. A security vulnerability exists in Tangro Business Workflow versions prior to 1.18.1, which stems from a failure of a proper...

Tangro Business Workflow Security Vulnerability

Tangro Business Workflow is a software from the German company Tangro that allows you to visualize the internal control and approval processes of SAP document content. A security vulnerability exists in tangro Business Workflow before 1.18.1, which can be exploited to manipulate documents attache...

CVE-2020-29304

A cross-site scripting XSS vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...

Cross site scripting

A cross-site scripting XSS vulnerability exists in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and previous, allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim is proceeding through...

Security Bulletin: Multiple vulnerabilities in node.js may affect configuration editor used in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-8201, CVE-2020-8252, CVE-2020-8251

Summary Security vulnerabilities have been reported for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2020-8201 DESCRIPTION: Node.js is vulnerable t...

CVE-2019-10328

A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

ProcessMaker SQL Injection Vulnerability

ProcessMaker is a software suite for workflow management that can be used to automate workflows, create documents, assign roles and users to processes, and more. download page /sysworkflow/en/neoclassic/reportTables/ in ProcessMaker 3.4.11 A SQL injection vulnerability exists in the sort paramete...

Security Bulletin: Multiple security vulnerabilities with Administration Console for Content Platform Engine component in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4447, CVE-2020-4759

Summary The embedded Content Platform Engine Component, which includes Administration Console for Content Platform Engine ACCE, that is shipped with IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to a cross-site scripting vulnerability and a CSV Injection...

IBM Business Automation Workflow Information Disclosure Vulnerability

IBM Business Automation Workflow is a platform for creating workflow applications to improve productivity. An information disclosure vulnerability exists in IBM Business Automation Workflow 19.0.0.3. A local attacker can exploit the vulnerability to read potentially sensitive information stored i...

Security Bulletin: Information disclosure vulnerability may affect IBM Business Automation Workflow - CVE-2020-4900

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack. Vulnerability Details CVEID: CVE-2020-4900 DESCRIPTION: IBM Business Automation Workflow stores potentially sensitive information in log files that could be read by a loca...

CVE-2020-4900

IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991...

CVE-2020-4900

IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991...

Information disclosure

IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991...

CVE-2020-4900

CVE-2020-4900 affects IBM Business Automation Workflow 19.0.0.3, which stores potentially sensitive information in log files that could be read by a local user. This is a local information-disclosure vulnerability in the application’s logging, with a base CVSS v3.1 of 5.5 (MEDIUM) and CVSS v2 of ...

CVE-2020-4900

IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991...

Moderate: Red Hat Security Advisory: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container

Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container Fixed two jQuery vulnerabilities CVE-2020-11022, CVE-2020-11023 Improved Ansible Tower's web service configuration to allow for processing more simultaneous HTTPs requests by default Updated several dependencies of Ansible Tower's User Interface to...

IBM Business Automation Workflow 日志信息泄露漏洞

IBM Business Automation Workflow is a platform for creating workflow applications to improve productivity. An information disclosure vulnerability exists in IBM Business Automation Workflow 19.0.0.3. A local attacker can exploit the vulnerability to read potentially sensitive information stored i...

JetBrains YouTrack Information Disclosure Vulnerability (CNVD-2020-66291)

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in JetBrains YouTrack versions prior to 2020.3.7955, which c...

Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow - CVE-2020-4672

Summary IBM Business Automation Workflow are vulnerable to a cross-site scripting attack. Vulnerability Details CVEID: CVE-2020-4672 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web U...

CVE-2020-4672

IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285...