Security Bulletin: IBM Process Mining is vulnerable to phishing attacks due to URI.js. CVE-2022-0868

Summary URI.js is used by IBM Process Mining. CVE-2022-0868. Vulnerability Details CVEID:CVE-2022-0868 DESCRIPTION: URI.js could allow a remote authenticated attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a...

Security Bulletin: Vulnerability in Node.js lodash affects IBM Process Mining (CVE-2021-23337,CVE-2020-28500)

Summary There is a vulnerability in Node.js lodash that could allow remote execution of arbitrary commands. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-23337 DESCRIPTION: Node.js...

Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining . Multiple CVEs

Summary There is a vulnerability in jackson-databind that could allow an attacker to execute a DOS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION:...

Security Bulletin: IBM Process Mining is vulnerable to DOS due to Eclipse Jetty CVE-2018-12545

Summary Eclipse Jetty is used by IBM Process Mining. CVE-2018-12545 Vulnerability Details CVEID:CVE-2018-12545 DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by the additional CPU and memory allocations required to handle changed settings. By sending either large SETTINGs...

Security Bulletin: Vulnerability in Moment affects IBM Process Mining . CVE-2022-31129

Summary There is a vulnerability in Moment that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-31129 DESCRIPTION: Moment is vulnerable to a denial of...

Security Bulletin: Vulnerability in Node.js normalize-url affects IBM Process Mining (CVE-2021-33502)

Summary There is a vulnerability in Node.js that could allow a local attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-33502 DESCRIPTION: Node.js...

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining . CVE-2022-42252

Summary There is a vulnerability in Apache Tomcat that could allow an attacker to execute XSS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-42252 DESCRIPTION: Apache...

Security Bulletin: Vulnerability in Apache Commons IO affects IBM Process Mining (CVE-2021-29425)

Summary There is a vulnerability in Apache Commons IO that could allow aremote attacker to traverse directories on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29425...

Security Bulletin: Vulnerability in FasterXML jackson-databind affects IBM Process Mining . CVE-2020-36518

Summary There is a vulnerability in FasterXML jackson-databind that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-36518 DESCRIPTION: FasterXML...

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining . CVE-2022-2048

Summary There is a vulnerability in Eclipse Jetty that could allow a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-2048 DESCRIPTION: Eclipse Jetty is vulnerable to ...

Security Bulletin: Vulnerability in Node.js Color-String affects IBM Process Mining (CVE-2021-29060)

Summary There is a vulnerability in Node.js Color-String that could allow a local attacker to launch a dos attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29060 DESCRIPTION:...

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27216)

Summary There is a vulnerability in Eclipse Jetty that could allow a local authenticated attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

Security Bulletin: Vulnerability in nth-check affects IBM Process Mining (CVE-2021-3803)

Summary There is a vulnerability in nth-check that could allow a local attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-3803 DESCRIPTION: nth-check is...

Security Bulletin: Vulnerability in bpmn affects IBM Process Mining . WS-2019-0148

Summary There is a vulnerability in bpmn that could allow a remote attacker to execute a malicious script due to XSS. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details IBM X-Force ID: 221056 DESCRIPTION...

Security Bulletin: Vulnerability in Jettison affects IBM Process Mining . Multiple CVEs

Summary There is a vulnerability in Jettison that could allow an attacker to execute a DOS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-40150 DESCRIPTION: jettison-jso...

Security Bulletin: Vulnerability in min-dash affects IBM Process Mining [CVE-2021-23460]

Summary There is a vulnerability in min-dash that could allow a remote attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. CVE-2021-23460 Vulnerability Details...

Security Bulletin: Vulnerability in minimatch affects IBM Process Mining . CVE-2022-3517

Summary There is a vulnerability in minimatch that could allow a remote attacker to cause a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-3517 DESCRIPTION: minimatc...

Security Bulletin: Vulnerability in Microsoft .NET Core and Visual Studio affects IBM Process Mining . CVE-2021-26701

Summary There is a vulnerability in Microsoft .NET Core and Visual Studio that could allow an attacker to execute arbitrary code on the system The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4j Vulnerability --- --- --- Tutorial: https...

Google Takes Down 50,000 Instances of Pro-Chinese DRAGONBRIDGE Influence Operation

Google on Thursday disclosed it took steps to dismantle over 50,000 instances of activity orchestrated by a pro-Chinese influence operation known as DRAGONBRIDGE in 2022. "Most DRAGONBRIDGE activity is low quality content without a political message, populated across many channels and blogs," the...