
4576 matches found

CVE
added 2017/04/28 4:0 p.m., 50 views

CVE-2017-2094

Cybozu Garoon 3.0.0–4.2.3 contains an access restriction flaw in Workflow and the MultiReport function (CWE-284) that allows remote authenticated attackers to bypass permissions and alter or delete information. Affected product: Cybozu Garoon. Root cause: inadequate access control within the Work...

CVSS 4.3, AI score 4.6, EPSS 0.01056
Exploits 0, References 3, Affected Software 1

Cvelist
added 2017/04/28 4:0 p.m., 27 views

CVE-2017-2094

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors...

AI score 4.7, EPSS 0.01056
Exploits 0, References 3

rapid7community
added 2017/04/24 4:2 a.m., 29 views

Actionable Vulnerability Remediation Projects in InsightVM

Security practitioners and the remediating teams they collaborate with are increasingly asked to do more with less. They simply cannot remediate everything; it has never been more important to prioritize and drive remediations from start to finish. The Remediation Workflow capability in InsightVM...

AI score 6.9
Exploits 0

CNVD
added 2017/04/12 12:0 a.m., 4 views

Atlassian JIRA Remote Code Execution Vulnerability

Atlassian JIRA is a project and transaction tracking tool from Atlassian. The Atlassian JIRA Workflow Designer plug-in does not properly use XML parsers and parallelizers, which can be exploited by remote attackers to submit special serialized Java objects, execute arbitrary code, read arbitrary...

CVSS 9.8, AI score 7.4, EPSS 0.16239
Exploits 1, References 1

OSV
added 2017/04/10 3:59 p.m., 4 views

CVE-2017-5983

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object...

CVSS 9.8, AI score 6, EPSS 0.16239
Exploits 1, References 5

NVD
added 2017/04/10 3:59 p.m., 24 views

CVE-2017-5983

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object...

CVSS 9.8, AI score 9.5, EPSS 0.16239
Exploits 1, References 5

Prion
added 2017/04/10 3:59 p.m., 27 views

Code injection

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object...

CVSS 7.5, AI score 9.4, EPSS 0.16239
Exploits 1, References 5, Affected Software 1

Cvelist
added 2017/04/10 3:0 p.m., 25 views

CVE-2017-5983

The JIRA Workflow Designer Plugin in Atlassian JIRA Server before 6.3.0 improperly uses an XML parser and deserializer, which allows remote attackers to execute arbitrary code, read arbitrary files, or cause a denial of service via a crafted serialized Java object...

AI score 9.5, EPSS 0.16239
Exploits 1, References 5

Japan Vulnerability Notes
added 2017/02/20 6:40 a.m., 2 views

Cybozu Garoon fails to restrict access permission in Workflow and the function "MultiReport"

Overview: Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an access restriction flaw in Workflow and the function "MultiReport". Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. Impact: A user may alter or delete...

CVSS 4.3, AI score 6.5, EPSS 0.01056
Exploits 0, References 5

OpenVAS
added 2017/02/16 12:0 a.m., 23 views

Cisco UCS Director Privilege Escalation Vulnerability

A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyrig...

CVSS 8.8, AI score 8.8, EPSS 0.00333
Exploits 0, References 1

Prion
added 2017/02/15 8:59 p.m., 20 views

Privilege escalation

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC)...

CVSS 4.6, AI score 8.7, EPSS 0.00333
Exploits 0, References 3, Affected Software 1

Cvelist
added 2017/02/15 8:0 p.m., 19 views

CVE-2017-3801

A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and 6.0.0.1 could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile, a Privilege Escalation Vulnerability. The vulnerability is due to improper role-based access control (RBAC)...

AI score 8.9, EPSS 0.00333
Exploits 0, References 3

Cisco
added 2017/02/15 4:0 p.m., 19 views

Cisco UCS Director Privilege Escalation Vulnerability

A vulnerability in the web-based GUI of Cisco UCS Director could allow an authenticated, local attacker to execute arbitrary workflow items with just an end-user profile. The vulnerability is due to improper role-based access control (RBAC) after the Developer Menu is enabled in Cisco UCS Director...

CVSS 9.9, AI score 8.9, EPSS 0.00333
Exploits 0, References 1

RedhatCVE
added 2017/02/14 10:48 p.m., 26 views

CVE-2017-2622

An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...

CVSS 5.9, AI score 3.5, EPSS 0.00372
Exploits 0, References 1

Atlassian
added 2017/02/13 4:43 a.m., 53 views

Multiple Vulnerabilities in JIRA Workflow Servlet

||Affected Versions|| |4.2.4 = version 6.3.0| An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way...

CVSS 9.8, AI score 4.6, EPSS 0.16239
Exploits 1, Affected Software 1

Atlassian
added 2017/02/13 4:43 a.m., 34 views

Multiple Vulnerabilities in JIRA Workflow Servlet

||Affected Versions|| |4.2.4 = version 6.3.0| An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way...

CVSS 9.8, AI score 9.1, EPSS 0.16239
Exploits 1

Atlassian
added 2017/02/13 4:43 a.m., 103 views

Multiple Vulnerabilities in JIRA Workflow Servlet

||Affected Versions|| |4.2.4 = version 6.3.0| An anonymous user can perform multiple attacks on a vulnerable JIRA instance that could cause remote code execution, the disclosure of private files or execute a denial of service attack against the JIRA server. This vulnerability is caused by the way...

CVSS 9.8, AI score 4.6, EPSS 0.16239
Exploits 1, Affected Software 1

OSV
added 2017/02/07 5:59 p.m., 5 views

CVE-2016-1894

NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors...

CVSS 8.1, AI score 5.8, EPSS 0.02836
Exploits 0, References 2

Prion
added 2017/02/07 5:59 p.m., 20 views

Authentication flaw

NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors...

CVSS 9.3, AI score 7.5, EPSS 0.02836
Exploits 0, References 2, Affected Software 1

NVD
added 2017/02/07 5:59 p.m., 25 views

CVE-2016-1894

NetApp OnCommand Workflow Automation before 3.1P2 allows remote attackers to bypass authentication via unspecified vectors...

CVSS 9.3, AI score 8.2, EPSS 0.02836
Exploits 0, References 2