4493 matches found
CVE-2019-14352
In Joget Workflow 6.0.20, CSV Injection, also known as Formula Injection, exists, as demonstrated by jw/web/userview/crmcommunity/crmuserviewsales//accountnew with the Account ID or Account Name field. NOTE: the vendor disputes the relevance of this finding because CSV is not the intended export...
PT-2019-13631 · Joget · Joget Workflow
Name of the Vulnerable Software and Affected Versions: Joget Workflow version 6.0.20. Description: The issue exists in Joget Workflow, where CSV Injection, also known as Formula Injection, can occur. This is demonstrated by the "/jw/web/userview/crm community/crm userview sales/ /account new"...
Security Bulletin: An Apache PDFBox security vulnerability has been identified with the embedded Content Manager used by IBM Business Automation Workflow (CVE-2018-8036)
Summary: IBM Business Automation Workflow has addressed the following security vulnerability with the embedded Content Manager. Apache PDFBox is vulnerable to a denial of service, caused by an out-of-memory exception in AFMParser. By persuading a victim to open a specially-crafted file, a remote...
XML External Entity (XXE)
Apache Syncope is vulnerable to XML external entity (XXE) attacks. An attacker is able to read and write arbitrary files and execute arbitrary code using malicious DTDs in the workflow definition entitlements...
IBM Business Process Manager and IBM Business Automation Workflow Denial of Service Vulnerability
IBM Business Process Manager (BPM) and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...
IBM Business Process Manager and IBM Business Automation Workflow Input Validation Error Vulnerability
IBM Business Process Manager (BPM) and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...
jenkins-plugin-workflow-remote-loader: Unsafe Script Security whitelist entry in Pipeline Remote Loader Plugin (SECURITY-921)
A flaw was found in the Jenkins Workflow Remote Loader plugin. An unsafe whitelist entry was made that allowed invoking arbitrary methods and bypassing sandbox protection. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...
IBM Business Automation Workflow Cross-Site Scripting Vulnerability
IBM Business Process Manager (BPM) and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...
Security Bulletin: An HttpClient security vulnerability has been identified with the embedded Content Manager used by IBM Business Automation Workflow (CVE-2012-5783)
Summary: IBM Business Automation Workflow has addressed the following security vulnerability with the embedded Content Manager. Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the...
CVE-2019-4410
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...
Cross site scripting
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...
CVE-2019-4410
CVE-2019-4410 affects IBM Business Automation Workflow and IBM BPM. The IBM Security Bulletin documents a cross-site scripting vulnerability in IBM Business Automation Workflow 18.0.0.0–18.0.0.2 and 19.0.0.1 (and BPM variants) that allows embedding arbitrary JavaScript in the Web UI, potentially ...
PT-2019-17068 · IBM · IBM Business Automation Workflow
Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 18.0.0.0 through 18.0.0.2; IBM Business Automation Workflow version 19.0.0.1. Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality an...
June 27, 2019 — KB4502584 Cumulative Update for .NET Framework 3.5, 4.8 for Windows 10, version 1903 and Windows Server 1903 RTM
June 27, 2019 — KB4502584 Cumulative Update for .NET Framework 3.5, 4.8 for Windows 10, version 1903 and Windows Server 1903 RTM Release Date: 06/27/2019 Version: .NET Framework 3.5 and 4.8 Quality and reliability improvements Improves the memory allocation and cleanup scheduling behavior of the...
June 18, 2019 — KB4502563 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1803
June 18, 2019 — KB4502563 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1803 Release Date: 06/18/2019 Version: .NET Framework 4.8 Quality and reliability improvements Improves the memory allocation and cleanup scheduling behavior of the weak-event pattern. To opt-in to these...
June 18, 2019 — KB4502562 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709
June 18, 2019 — KB4502562 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709 Release Date: 06/18/2019 Version: .NET Framework 4.8 Quality and reliability improvements Improves the memory allocation and cleanup scheduling behavior of the weak-event pattern. To opt-in to these...
June 18, 2019 — KB4502561 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1703
June 18, 2019 — KB4502561 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1703 Release Date: 06/18/2019 Version: .NET Framework 4.8 Quality and reliability improvements Improves the memory allocation and cleanup scheduling behavior of the weak-event pattern. To opt-in to these...
June 18, 2019 — KB4502560 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016
June 18, 2019 — KB4502560 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016 Release Date: 06/18/2019 Version: .NET Framework 4.8 Quality and reliability improvements Improves the memory allocation and cleanup scheduling behavior of the weak-event pattern...