4494 matches found

Microsoft KB
added 2019/06/19 12:0 a.m. | 2 views

June 18, 2019 — KB4502560 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016

June 18, 2019 — KB4502560 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016 Release Date: 06/18/2019 Version: .NET Framework 4.8 Quality and reliability improvements Improves the memory allocation and cleanup scheduling behavior of the weak-event pattern...

6.9 AI score
Exploits: 0

Veracode
added 2019/06/17 12:21 a.m. | 23 views

Arbitrary Code Execution

jenkins-plugin-workflow-cps is vulnerable to arbitrary code execution. A sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin allows an attacker to invoke arbitrary constructors in sandboxed scripts...

9.8 CVSS | 9.5 AI score | 0.03338 EPSS
Exploits: 0 | References: 8 | Affected Software: 1

RedHat Linux
added 2019/06/10 4:58 p.m. | 2 views

jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)

A flaw was found in the Jenkins Workflow CPS plugin. Groovy Plugins could be circumvented through methods supporting type casts and type coercion allowing attackers to invoke constructors for arbitrary types. The highest threat from this vulnerability is to data confidentiality and integrity as...

9.8 CVSS | 5.8 AI score | 0.03338 EPSS
Exploits: 0 | References: 5

vulnersOsv
added 2019/06/04 8:14 p.m. | 2 views

3d-preview (>=1.0.0 <=1.0.1), 3dviewercomponent (=1.0.0) +4853 more potentially affected by unknown CVE via js-yaml (>=0.3.5 <=3.13.0)

js-yaml NPM version =0.3.5, =1.0.0, =0.0.2, =0.0.1, =1.1.0, =3.3.4, =0.2.0-beta.6.2, =0.2.48, =0.2.50, =0.2.46, =0.2.46, =0.2.46, =0.0.37, =0.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8J8C-7JFH-H6HX...

5.5 AI score
Exploits: 0

IBM Security Bulletins
added 2019/05/29 6:50 p.m. | 26 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6 and 7 used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2602 DESCRIPTION: An unspecified vulnerability related t...

7.5 CVSS | 1.4 AI score | 0.37618 EPSS
Exploits: 0 | Affected Software: 4

vulnersOsv
added 2019/05/29 6:4 p.m. | 2 views

@abdelilah/react-rich-text (=0.0.1), @bemit/flood-admin (>=0.1.2 <=0.1.6) +36 more potentially affected by CVE-2019-12043 via remarkable (>=1.3.0 <=1.7.1)

remarkable NPM version =1.3.0, =0.1.2, =0.1.0, =0.1.0, =4.0.0, =5.17.1, =1.1.2, =0.0.23, =0.0.23, =0.1.0, =2.0.0-beta0, =0.1.9, =0.2.1 - docpack =1.0.0-alpha and more Source cves: CVE-2019-12043 Source advisory: OSV:GHSA-36M4-6V6M-4VPR...

6.1 CVSS | 6.3 AI score | 0.00865 EPSS
Exploits: 1

Drupal
added 2019/05/22 12:0 a.m. | 21 views

Workflow - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-049

The Workflow module enables you to create arbitrary Workflows, and assign them to Entities. The module doesn't sufficiently escape HTML in the field settings leading to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

6 AI score
Exploits: 0 | References: 8

OSV
added 2019/05/10 3:29 p.m. | 1 views

CVE-2019-4204

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4 CVSS | 5.4 AI score
Exploits: 0 | References: 3

NVD
added 2019/05/10 3:29 p.m. | 22 views

CVE-2019-4204

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4 CVSS | 5.2 AI score | 0.00955 EPSS
Exploits: 0 | References: 3

Prion
added 2019/05/10 3:29 p.m. | 13 views

Cross site scripting

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

3.5 CVSS | 5.2 AI score | 0.00955 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

Cvelist
added 2019/05/10 2:40 p.m. | 20 views

CVE-2019-4204

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4 CVSS | 5.2 AI score | 0.00955 EPSS
Exploits: 0 | References: 3

CVE
added 2019/05/10 2:40 p.m. | 53 views

CVE-2019-4204

This CVE is an XSS vulnerability in IBM Business Automation Workflow and IBM BPM (CVE-2019-4204). Affected products/versions: IBM Business Automation Workflow 18.0.0.0–19.0.0.1; IBM BPM 8.5.7.0–8.6.0.0 CF2017.06 and 8.6.0.0 CF2018.03. The issue allows arbitrary JavaScript in the Web UI, potential...

5.4 CVSS | 5.2 AI score | 0.00955 EPSS
Exploits: 0 | References: 3 | Affected Software: 2

CNVD
added 2019/04/15 12:0 a.m. | 2 views

IBM Business Automation Workflow and IBM Business Process Manager Information Disclosure Vulnerability

IBM Business Process Manager (BPM) and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...

4.3 CVSS | 6.1 AI score | 0.00994 EPSS
Exploits: 0 | References: 1

CNVD
added 2019/04/15 12:0 a.m. | 2 views

IBM Business Process Manager and IBM Business Automation Workflow Cross-Site Request Forgery Vulnerability

IBM Business Process Manager (BPM) and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...

8.8 CVSS | 6.8 AI score | 0.00763 EPSS
Exploits: 0 | References: 1

RedHat Linux
added 2019/04/10 6:34 p.m. | 1 views

jenkins-plugin-workflow-cps: Sandbox bypass in Pipeline: Groovy Plugin (SECURITY-1336(2))

A flaw was found in the Jenkins Workflow CPS plugin. Parsing, compilation, and script instantiations provided by a crafted Groovy script could escape the sandbox allowing users to execute arbitrary code on the Jenkins master. The highest risk from this vulnerability is to data confidentiality and...

9.9 CVSS | 6.1 AI score | 0.75961 EPSS
Exploits: 3 | References: 6

Carbon Black Blog
added 2019/04/09 2:24 p.m. | 35 views

Partner Perspectives: Level Up your EDR Capabilities with Deception-Based Threat Detection from Carbon Black and Smokescreen

Amir Moin is a Product Manager for Smokescreen. All security teams eventually run into the same fundamental problems - low network visibility, overworked security analysts, and breaches that put them on the nine o’clock news. Traditional security solutions are primed toward giving security teams ...

0.1 AI score
Exploits: 0

OSV
added 2019/04/08 3:29 p.m. | 2 views

CVE-2018-2000

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890...

8.8 CVSS | 5.7 AI score | 0.00763 EPSS
Exploits: 0 | References: 3

OSV
added 2019/04/08 3:29 p.m. | 2 views

CVE-2018-1997

IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774...

6.5 CVSS | 5.8 AI score | 0.01383 EPSS
Exploits: 0 | References: 2

Prion
added 2019/04/08 3:29 p.m. | 14 views

Information disclosure

IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241...

4 CVSS | 4.3 AI score | 0.00889 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Prion
added 2019/04/08 3:29 p.m. | 15 views

Design/Logic Flaw

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 152020...

5 CVSS | 5 AI score | 0.01809 EPSS
Exploits: 0 | References: 3 | Affected Software: 4