4499 matches found
CVE-2020-4531
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...
CVE-2020-4531
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...
Information disclosure
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the...
CVE-2020-4531
CVE-2020-4531 affects IBM Business Automation Workflow (BAW) 18.0, 19.0, and 20.0 and IBM Business Process Manager (BPM) 8.0, 8.5, and 8.6. The vulnerability is an information disclosure where a detailed technical error message returned in a browser could allow a remote attacker to obtain sensiti...
Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4531
Summary IBM Business Process Manager Advanced and IBM Business Automation Workflow are vulnerable to an information disclosure attack. Vulnerability Details CVEID: CVE-2020-4531 DESCRIPTION: IBM Business Automation Workflow and IBM Business Process Manager could allow a remote attacker to obtain...
The vulnerability of the IBM Business Process Manager system and the IBM Business Automation Workflow software lies in the lack of measures taken to protect the website structure. This allows attackers to carry out cross-site scripting attacks.
The vulnerability of the IBM Business Process Manager system and the IBM Business Automation Workflow software relates to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks remotely...
IBM Business Process Manager and IBM Business Automation Workflow Cross-Site Scripting Vulnerability (CNVD-2020-52455)
IBM Business Process Manager BPM and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...
CVE-2020-11977
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...
Remote code execution
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...
CVE-2020-11977
In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution...
CVE-2020-4530
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
Cross site scripting
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2020-4530
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2020-4530
CVE-2020-4530 affects IBM Business Process Manager and IBM Business Automation Workflow (BAW), specifically BPM v8.0, 8.5, 8.6 and BAW C.D.0. The vulnerability is a cross-site scripting flaw stemming from inadequate validation of client-side data in the Web UI, allowing an attacker to inject arbi...
Arbitrary Code Execution
syncope-ext-flowable-bpmn is vulnerable to arbitrary code execution. An administrator with workflow entitlements can use Shell Service Tasks to perform arbitrary code execution when the Flowable extension is enabled...
Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4530
Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a cross-site scripting attack. This vulnerability only affects BPM and BAW profiles of type "Advanced". Vulnerability Details CVEID: CVE-2020-4530 DESCRIPTION: IBM Business Automation Workflow and IBM...
CVE-2020-4698
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...
CVE-2020-4516
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
CVE-2020-4698
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentia...
CVE-2020-4516
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...