29 matches found
EUVD-2014-3628
Malware in sbrugna...
EUVD-2022-2850
Malicious code in bioql PyPI...
EUVD-2023-44902
Malicious code in bioql PyPI...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
Design/Logic Flaw
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
CVE-2023-36485
The workflow-engine of ILIAS before 7.23 and 8 before 8.3 allows remote authenticated users to run arbitrary system commands on the application server as the application user via a malicious BPMN2 workflow definition file...
CVE-2023-36485
The CVE concerns ILIAS workflow-engine vulnerability present in versions prior to 7.23 (and 8 prior to 8.3). A malicious BPMN2 workflow definition file can be used by remote authenticated users to execute arbitrary system commands on the application server as the ILIAS application user, due to in...
SAP PowerDesigner Input Validation Error Vulnerability
SAP PowerDesigner is a database design software from SAP Germany. An input validation error vulnerability exists in SAP PowerDesigner version 16.7, which stems from an inability to adequately validate a BPMN2 XML document imported from an untrusted source. An attacker could exploit this...
CVE-2023-40310
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
Xxe
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
CVE-2023-40310 Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
CVE-2023-40310
SAP PowerDesigner Client 16.7 is affected by an input validation weakness in BPMN2 XML imports from untrusted sources. The vulnerability allows URLs of external entities in the BPMN2 file to be accessed during import, potentially impacting availability. Root cause: insufficient validation of BPMN...
CVE-2023-40310 Missing XML Validation vulnerability in SAP PowerDesigner Client BPMN2 import
SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP...
PT-2023-8583 · Ilias · Ilias
Name of the Vulnerable Software and Affected Versions: ILIAS versions prior to 7.23 ILIAS versions 8 prior to 8.3 Description: The issue is related to insufficient input validation in the workflow-engine of ILIAS, allowing remote authenticated users to execute arbitrary system commands on the...
com.geeoz.atom:atom-api (>=1.0d12 <=1.0d31), com.geeoz.atom:atom-kie (=1.0d31) +36 more potentially affected by CVE-2014-8125 via org.jbpm:jbpm-bpmn2 (>=5.1.0.Final <=6.2.0.CR4)
org.jbpm:jbpm-bpmn2 MAVEN version =5.1.0.Final, =1.0d12, =1.0d30, =1.0d18, =1.0d12, =1.0d12, =0.2, =1.1.0.17-1, =0.5.0, =0.5.0, =0.5.4 and more Source cves: CVE-2014-8125 Source advisory: OSV:GHSA-6QX9-RF9G-7JMR...
Improper Input Validation in Drools and jBPM
XML external entity XXE vulnerability in Drools and jBPM before 6.2.0 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted BPMN2 file...
Security Bulletin: XXE Vulnerability in Drools Affects IBM Sterling B2B Integrator (CVE-2014-8125)
Summary IBM Sterling B2B Integrator has addressed the security vulnerability. Vulnerability Details CVEID: CVE-2014-8125 DESCRIPTION: Drools and jBPM could allow a remote attacker to obtain sensitive information, caused by an XML External Entity Injection XXE error within the jBPM runtime. By...
Important: Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.4.12 security update
An update is now available for Red Hat JBoss BPM Suite. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in...