CVE-2015-0102
IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
Session fixation
IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2015-0102
CVE-2015-0102 affects IBM Workflow for Bluemix. The vulnerability arises because the session cookie is not marked Secure in HTTPS, enabling network attackers to potentially capture the cookie during transmission over HTTP. NVD lists CVSS‑3.1 base score 8.1 (High) and CVSS‑2 base score 5.8 (Medium...
CVE-2019-15613
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...
Design/Logic Flaw
A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...
CVE-2019-15613
CVE-2019-15613 affects Nextcloud Server 17.0.1, where a bug causes workflow rules to depend on the file extension when checking MIME types. This can impact all three security properties (confidentiality, integrity, availability) per CVSS metrics (NVD: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H; base sco...
PT-2020-9736 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 17.0.1
Description: A bug in the software causes workflow rules to depend on the file extension when checking file mimetypes. There is no information about the estimated number of potentially affected devices worldwid...
GHSA-6F54-3QR9-PJGJ Unauthenticated Access Via OAI-PMH
Impact: Media publication via OAI-PMH allows unauthenticated public access to all media and metadata by default. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public...
CVE-2020-5228
Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public...
CVE-2016-6588
A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0...
CVE-2016-6589
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0...
Denial of service
A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0...
Security Bulletin: A cross site scripting security vulnerability has been identified with Case Builder component shipped with IBM Business Automation Workflow (CVE-2019-4426)
Summary: Case Builder component shipped with IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...
SUSE SLED15 / SLES15 Security Update : spectre-meltdown-checker (SUSE-SU-2019:3348-1)
This update for spectre-meltdown-checker fixes the following issues:
- feat: implement TAA detection (CVE-2019-11135, bsc#1139073)
- feat: implement MCEPSC / iTLB Multihit detection (CVE-2018-12207, bsc#1117665)
- feat: taa: add TSXCTRL MSR detection in hardware info
- feat: fwdb: use both Intel GitHub...
Security Bulletin: Security vulnerabilities has been identified with the embedded Content Navigator used by IBM Business Automation Workflow (CVE 2019-4263, CVE-2019-10086, CVE-2019-12402)
Summary: IBM Business Automation Workflow has addressed the following security vulnerabilities with the embedded Content Navigator. For more information, refer to the X-Force database entries referred to below.
Vulnerability Details: CVEID: CVE-2019-4263 DESCRIPTION: IBM Content Navigator is...
CVE-2019-15013
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a projec...
Security Bulletin: A denial of service vulnerability has been identified with Case Client component shipped with IBM Business Automation Workflow and IBM Case Manager (CVE-2019-12402)
Summary: Case Client component shipped with IBM Business Automation Workflow and IBM Case Manager is vulnerable to denial of service, caused by an error in the internal file name encoding algorithm with Apache Commons Compress. By persuading a victim to open specially crafted ZIP archive containin...