4572 matches found

CNVD
added 2020/06/01 12:00 a.m. | 3 views

IBM Business Process Manager and IBM Business Automation Workflow Security Bypass Vulnerability

IBM Business Process Manager BPM and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...

6.1 CVSS | 6.8 AI score | 0.0086 EPSS
Exploits 0 | References 1
NVD
added 2020/05/29 1:15 p.m. | 16 views

CVE-2020-4490

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID:...

6.1 CVSS | 5.5 AI score | 0.0086 EPSS
Exploits 0 | References 2
OSV
added 2020/05/29 1:15 p.m. | 4 views

CVE-2020-4490

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID:...

6.1 CVSS | 6.2 AI score | 0.0086 EPSS
Exploits 0 | References 2
Prion
added 2020/05/29 1:15 p.m. | 14 views

Security feature bypass

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID:...

5.8 CVSS | 6.1 AI score | 0.0086 EPSS
Exploits 0 | References 2 | Affected Software 2
CVE
added 2020/05/29 1:10 p.m. | 42 views

CVE-2020-4490

CVE-2020-4490 affects IBM Business Automation Workflow (V18.0, V19.0) and IBM Business Process Manager (V8.0, V8.5, V8.6). The IBM bulletin confirms a reverse tabnabbing-mediated security bypass that could let remote attackers bypass restrictions and redirect victims to phishing sites. The root c...

6.1 CVSS | 6.1 AI score | 0.0086 EPSS
Exploits 0 | References 2 | Affected Software 2
IBM Security Bulletins
added 2020/05/28 4:31 p.m. | 24 views

Security Bulletin: Reverse tabnabbing vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4490

Summary IBM Business Process Manager Process Center and IBM Business Automation Workflow Workflow Center are vulnerable to a reverse tabnabbing vulnerability. Vulnerability Details CVEID: CVE-2020-4490 DESCRIPTION: IBM Business Automation Workflow and IBM Business Process Manager could allow a...

6.1 CVSS | 1.1 AI score | 0.0086 EPSS
Exploits 0 | Affected Software 4
Gitee
added 2020/05/12 1:38 p.m. | 4 views

vulhub

This repository is an open-source collection of vulnerable web applications and environments for security testing and education, maintained by vulhub. It is a defensive blue-team research and threat mitigation tool. The repository contains a variety of vulnerable web applications and environments...

6.9 AI score
Exploits 0
BDU FSTEC
added 2020/05/08 12:00 a.m. | 5 views

The vulnerability of the Workflow Notification Mailer component of the Oracle Workflow software, a system for automating business processes within the Oracle E-Business Suite. This component allows an intruder to access, modify, add, or delete data.

The vulnerability of the Workflow Notification Mailer component of the Oracle Workflow software in the Oracle E-Business Suite relates to deficiencies in access control. Exploiting this vulnerability could allow an attacker to gain access to modify, add, or delete data using the HTTP protocol...

5.3 CVSS | 6.3 AI score | 0.01061 EPSS
Exploits 0 | References 3 | Affected Software 1
CNVD
added 2020/05/07 12:00 a.m. | 2 views

Unspecified Vulnerability in IBM Business Process Manager and Business Automation Workflow

IBM Business Process Manager BPM and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...

4.3 CVSS | 6.8 AI score | 0.00898 EPSS
Exploits 0 | References 1
NVD
added 2020/05/06 2:15 p.m. | 15 views

CVE-2020-4446

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126...

4.3 CVSS | 4.5 AI score | 0.00898 EPSS
Exploits 0 | References 2
OSV
added 2020/05/06 2:15 p.m. | 5 views

CVE-2020-4446

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126...

4.3 CVSS | 5.8 AI score | 0.00898 EPSS
Exploits 0 | References 2
Cvelist
added 2020/05/06 1:45 p.m. | 21 views

CVE-2020-4446

IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126...

4.3 CVSS | 4.5 AI score | 0.00898 EPSS
Exploits 0 | References 2
IBM Security Bulletins
added 2020/05/05 4:35 p.m. | 18 views

Security Bulletin: Information disclosure vulnerability affecting IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4446

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack. Vulnerability Details CVEID: CVE-2020-4446 DESCRIPTION: IBM Business Process Manager and IBM Business Automation Workflow could allow a remote attacker to bypass security...

4.3 CVSS | 0.6 AI score | 0.00898 EPSS
Exploits 0 | Affected Software 4
CVE
added 2020/04/30 4:07 a.m. | 48 views

CVE-2020-12283

Sourcegraph before 3.15.1 is affected by an improper validation in the SafeRedirectURL method (cmd/frontend/auth/redirect.go), leading to a vulnerable authentication workflow (example: //foo//example.com). The issue is tied to the authentication redirect logic and can enable an open redirect/auth...

6.1 CVSS | 6.3 AI score | 0.013 EPSS
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2020/04/30 4:07 a.m. | 29 views

CVE-2020-12283

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring...

6.4 AI score | 0.013 EPSS
Exploits 1 | References 5
NVD
added 2020/04/28 4:15 a.m. | 27 views

CVE-2020-5565

Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'...

4.3 CVSS | 4.4 AI score | 0.00773 EPSS
Exploits 0 | References 2
OSV
added 2020/04/28 4:15 a.m. | 3 views

CVE-2020-5565

Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'...

4.3 CVSS | 5.9 AI score
Exploits 0 | References 2
Prion
added 2020/04/28 4:15 a.m. | 15 views

Input validation

Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'...

4 CVSS | 4.9 AI score | 0.00773 EPSS
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2020/04/28 3:15 a.m. | 21 views

CVE-2020-5565

Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'...

5 AI score | 0.00773 EPSS
Exploits 0 | References 2
CNVD
added 2020/04/28 12:00 a.m. | 3 views

Cybozu Garoon Input Validation Error Vulnerability (CNVD-2020-26658)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. An input validation error vulnerability exists in Cybozu Garoon versions 4.0.0 through 4.10.3. A remote attacker...

4.3 CVSS | 6.9 AI score | 0.00773 EPSS
Exploits 0 | References 1