
4572 matches found

NVD
added 2020/02/05 6:15 p.m. · 20 views

CVE-2015-0102

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 8.1 · AI score 7.8 · EPSS 0.0171
Exploits 0 · References 3
Prion
added 2020/02/05 6:15 p.m. · 13 views

Session fixation

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

CVSS 5.8 · AI score 6.8 · EPSS 0.0171
Exploits 0 · References 3
Cvelist
added 2020/02/05 5:23 p.m. · 18 views

CVE-2015-0102

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

AI score 7.9 · EPSS 0.0171
Exploits 0 · References 3
CVE
added 2020/02/05 5:23 p.m. · 51 views

CVE-2015-0102

CVE-2015-0102 affects IBM Workflow for Bluemix. The vulnerability arises because the session cookie is not marked Secure in HTTPS, enabling network attackers to potentially capture the cookie during transmission over HTTP. NVD lists CVSS‑3.1 base score 8.1 (High) and CVSS‑2 base score 5.8 (Medium...

CVSS 8.1 · AI score 7.7 · EPSS 0.0171
Exploits 0 · References 3 · Affected Software 1
NVD
added 2020/02/04 8:15 p.m. · 30 views

CVE-2019-15613

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...

CVSS 8 · AI score 7.7 · EPSS 0.0113
Exploits 0 · References 4
OSV
added 2020/02/04 8:15 p.m. · 20 views

CVE-2019-15613

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...

CVSS 8 · AI score 6.6
Exploits 0 · References 4
Prion
added 2020/02/04 8:15 p.m. · 17 views

Design/Logic Flaw

A bug in Nextcloud Server 17.0.1 causes the workflow rules to depend their behaviour on the file extension when checking file mimetypes...

CVSS 6 · AI score 7.7 · EPSS 0.0113
Exploits 0 · References 4 · Affected Software 2
CVE
added 2020/02/04 7:8 p.m. · 156 views

CVE-2019-15613

CVE-2019-15613 affects Nextcloud Server 17.0.1, where a bug causes workflow rules to depend on the file extension when checking MIME types. This can impact all three security properties (confidentiality, integrity, availability) per CVSS metrics (NVD: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H; base sco...

CVSS 8 · AI score 7.6 · EPSS 0.0113
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2020/02/04 12:0 a.m. · 3 views

PT-2020-9736 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server version 17.0.1 Description: A bug in the software causes workflow rules to depend on the file extension when checking file mimetypes. There is no information about the estimated number of potentially affected devices worldwid...

CVSS 8.1 · AI score 5.7 · EPSS 0.01924
Exploits 15 · References 73
OSV
added 2020/01/30 9:22 p.m. · 1 views

GHSA-6F54-3QR9-PJGJ Unauthenticated Access Via OAI-PMH

Impact Media publication via OAI-PMH allows unauthenticated public access to all media and metadata by default. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public...

CVSS 7.6 · AI score 5.8 · EPSS 0.00977
Exploits 0 · References 3
NVD
added 2020/01/30 8:15 p.m. · 26 views

CVE-2020-5228

Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is part of the default workflow and is activated by default, requiring active user intervention of users to protect media. This leads to users unknowingly handing out public...

CVSS 7.6 · AI score 7.3 · EPSS 0.00977
Exploits 0 · References 2
OSV
added 2020/01/08 5:15 p.m. · 4 views

CVE-2016-6588

A Cross-Site Scripting XSS vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0...

CVSS 5.4 · AI score 5.8 · EPSS 0.00843
Exploits 0 · References 3
NVD
added 2020/01/08 5:15 p.m. · 21 views

CVE-2016-6588

A Cross-Site Scripting XSS vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0...

CVSS 5.4 · AI score 5.3 · EPSS 0.00843
Exploits 0 · References 3
OSV
added 2020/01/08 4:15 p.m. · 4 views

CVE-2016-6589

A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0...

CVSS 6.5 · AI score 5.8 · EPSS 0.01681
Exploits 0 · References 3
Prion
added 2020/01/08 4:15 p.m. · 12 views

Denial of service

A Denial of Service vulnerability exists in the ITMS workflow process manager login window in Symantec IT Management Suite 8.0...

CVSS 4 · AI score 7 · EPSS 0.01681
Exploits 0 · References 3 · Affected Software 1
IBM Security Bulletins
added 2019/12/20 8:47 a.m. · 14 views

Security Bulletin: A cross site scripting security vulnerability has been identified with Case Builder component shipped with IBM Business Automation Workflow (CVE-2019-4426)

Summary Case Builder component shipped with IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a...

CVSS 5.4 · AI score 1.8 · EPSS 0.00748
Exploits 0 · Affected Software 1
Tenable Nessus
added 2019/12/20 12:0 a.m. · 54 views

SUSE SLED15 / SLES15 Security Update : spectre-meltdown-checker (SUSE-SU-2019:3348-1)

This update for spectre-meltdown-checker fixes the following issues : - feat: implement TAA detection CVE-2019-11135 bsc1139073 - feat: implement MCEPSC / iTLB Multihit detection CVE-2018-12207 bsc1117665 - feat: taa: add TSXCTRL MSR detection in hardware info - feat: fwdb: use both Intel GitHub...

CVSS 6.5 · AI score 7.3 · EPSS 0.03133
Exploits 0 · References 7
IBM Security Bulletins
added 2019/12/18 6:15 p.m. · 32 views

Security Bulletin: Security vulnerabilities has been identified with the embedded Content Navigator used by IBM Business Automation Workflow (CVE 2019-4263, CVE-2019-10086, CVE-2019-12402)

Summary IBM Business Automation Workflow has addressed the following security vulnerabilities with the embedded Content Navigator. For more information, refer to the X-Force database entries referred to below. Vulnerability Details CVEID: CVE-2019-4263 DESCRIPTION: IBM Content Navigator is...

CVSS 7.5 · AI score 0.8 · EPSS 0.28839
Exploits 1 · Affected Software 1
OSV
added 2019/12/18 4:15 a.m. · 4 views

CVE-2019-15013

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0 before version 8.4.3, and from version 8.5.0 before version 8.5.2 allows authenticated remote attackers who do not have project administration access to remove a configured issue status from a projec...

CVSS 4.3 · AI score 5.8 · EPSS 0.0121
Exploits 0 · References 1
IBM Security Bulletins
added 2019/12/17 7:45 p.m. · 33 views

Security Bulletin: A denial of service vulnerability has been identified with Case Client component shipped with IBM Business Automation Workflow and IBM Case Manager (CVE-2019-12402)

Summary Case Client component shipped with IBM Business Automation Workflow and IBM Case Manager is vulnerable to denial of service, caused by an error in the internal file name encoding algorithm with Apache Commons Compress. By persuading a victim to open specially crafted ZIP archive containin...

CVSS 7.5 · AI score 1.3 · EPSS 0.16157
Exploits 0 · Affected Software 2