Lucene search
K

4566 matches found

CNVD
CNVD
added 2019/07/02 12:0 a.m.2 views

IBM Business Automation Workflow Cross-Site Scripting Vulnerability

IBM Business Process Manager BPM and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...

5.4CVSS6.6AI score0.00987EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2019/07/01 6:25 p.m.24 views

Security Bulletin: An HttpClient security vulnerability has been identified with the embedded Content Manager used by IBM Business Automation Workflow (CVE-2012-5783)

Summary IBM Business Automation Workflow has addressed the following security vulnerability with the embedded Content Manager. Apache Commons HttpClient could allow a remote attacker to conduct spoofing attacks, caused by the failure to verify that the server hostname matches a domain name in the...

5.8CVSS1AI score0.09254EPSS
Exploits0Affected Software1
OSV
OSV
added 2019/07/01 3:15 p.m.1 views

CVE-2019-4410

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4CVSS5.7AI score0.00987EPSS
Exploits0References3
NVD
NVD
added 2019/07/01 3:15 p.m.10 views

CVE-2019-4410

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4CVSS5.2AI score0.00987EPSS
Exploits0References3
Prion
Prion
added 2019/07/01 3:15 p.m.11 views

Cross site scripting

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

3.5CVSS5.2AI score0.00987EPSS
Exploits0References3Affected Software2
CVE
CVE
added 2019/07/01 3:5 p.m.82 views

CVE-2019-4410

CVE-2019-4410 affects IBM Business Automation Workflow and IBM BPM. The IBM Security Bulletin documents a cross-site scripting vulnerability in IBM Business Automation Workflow 18.0.0.0–18.0.0.2 and 19.0.0.1 (and BPM variants) that allows embedding arbitrary JavaScript in the Web UI, potentially ...

5.4CVSS5.2AI score0.00987EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2019/07/01 3:5 p.m.13 views

CVE-2019-4410

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4CVSS5.2AI score0.00987EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2019/07/01 12:0 a.m.3 views

PT-2019-17068 · Ibm · Ibm Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 18.0.0.0 through 18.0.0.2 IBM Business Automation Workflow version 19.0.0.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality an...

5.4CVSS5.5AI score0.00987EPSS
Exploits0References5
Microsoft KB
Microsoft KB
added 2019/06/26 12:0 a.m.6 views

June 27, 2019 — KB4502584 Cumulative Update for .NET Framework 3.5, 4.8 for Windows 10, version 1903 and Windows Server 1903 RTM

June 27, 2019 — KB4502584 Cumulative Update for .NET Framework 3.5, 4.8 for Windows 10, version 1903 and Windows Server 1903 RTM Release Date: 06/27/2019 Version: .NET Framework 3.5 and 4.8 Quality and reliability improvements Improves the memory allocation and cleanup scheduling behavior of the...

6.9AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/06/19 12:0 a.m.6 views

June 18, 2019 — KB4502563 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1803

June 18, 2019 — KB4502563 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1803 Release Date: 06/18/2019 Version: .NET Framework 4.8 Quality and reliability improvements Improves the memory allocation and cleanup scheduling behavior of the weak-event pattern. To opt-in to these...

6.9AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/06/19 12:0 a.m.7 views

June 18, 2019 — KB4502562 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709

June 18, 2019 — KB4502562 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1709 Release Date: 06/18/2019 Version: .NET Framework 4.8 Quality and reliability improvements Improves the memory allocation and cleanup scheduling behavior of the weak-event pattern. To opt-in to these...

6.9AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/06/19 12:0 a.m.5 views

June 18, 2019 — KB4502561 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1703

June 18, 2019 — KB4502561 Cumulative Update for .NET Framework 4.8 for Windows 10, version 1703 Release Date: 06/18/2019 Version: .NET Framework 4.8 Quality and reliability improvements Improves the memory allocation and cleanup scheduling behavior of the weak-event pattern. To opt-in to these...

6.9AI score
Exploits0
Microsoft KB
Microsoft KB
added 2019/06/19 12:0 a.m.3 views

June 18, 2019 — KB4502560 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016

June 18, 2019 — KB4502560 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016 Release Date: 06/18/2019 Version: .NET Framework 4.8 Quality and reliability improvements Improves the memory allocation and cleanup scheduling behavior of the weak-event pattern...

6.9AI score
Exploits0
Veracode
Veracode
added 2019/06/17 12:21 a.m.23 views

Arbitrary Code Execution

jenkins-plugin-workflow-cps is vulnerable to arbitrary code execution. A sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin allows an attacker to invoke arbitrary contructors in sandboxed scripts...

9.8CVSS9.5AI score0.03366EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2019/06/10 4:58 p.m.2 views

jenkins-plugin-workflow-cps: Sandbox bypass in Script Security Plugin and Pipeline: Groovy Plugin (SECURITY-1353)

A flaw was found in the Jenkins Workflow CPS plugin. Groovy Plugins could be circumvented through methods supporting type casts and type coercion allowing attackers to invoke constructors for arbitrary types. The highest threat from this vulnerability is to data confidentiality and integrity as...

9.8CVSS5.8AI score0.03366EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2019/06/04 8:14 p.m.3 views

3d-preview (>=1.0.0 <=1.0.1), 3dviewercomponent (=1.0.0) +4848 more potentially affected by unknown CVE via js-yaml (>=0.3.5 <=3.13.0)

js-yaml NPM version =0.3.5, =1.0.0, =0.0.2, =0.0.1, =1.1.0, =3.3.4, =0.2.0-beta.6.2, =0.2.48, =0.2.50, =0.2.46, =0.2.46, =0.2.46, =0.0.37, =0.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8J8C-7JFH-H6HX...

5.5AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2019/05/29 6:50 p.m.26 views

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Versions 6 and 7 used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-2602 DESCRIPTION: An unspecified vulnerability related t...

7.5CVSS1.4AI score0.37618EPSS
Exploits0Affected Software4
vulnersOsv
vulnersOsv
added 2019/05/29 6:4 p.m.3 views

@abdelilah/react-rich-text (=0.0.1), @bemit/flood-admin (>=0.1.2 <=0.1.6) +36 more potentially affected by CVE-2019-12043 via remarkable (>=1.3.0 <=1.7.1)

remarkable NPM version =1.3.0, =0.1.2, =0.1.0, =0.1.0, =4.0.0, =5.17.1, =1.1.2, =0.0.23, =0.0.23, =0.1.0, =2.0.0-beta0, =0.1.9, =0.2.1 - docpack =1.0.0-alpha and more Source cves: CVE-2019-12043 Source advisory: OSV:GHSA-36M4-6V6M-4VPR...

6.1CVSS6.3AI score0.00865EPSS
Exploits1
Drupal
Drupal
added 2019/05/22 12:0 a.m.22 views

Workflow - Moderately critical - Cross Site Scripting - SA-CONTRIB-2019-049

The Workflow module enables you to create arbitrary Workflows, and assign them to Entities. The module doesn't sufficiently escape HTML in the field settings leading to a Cross Site Scripting XSS vulnerability. This vulnerability is mitigated by the fact that an attacker must have a role with the...

6AI score
Exploits0References8
NVD
NVD
added 2019/05/10 3:29 p.m.22 views

CVE-2019-4204

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4CVSS5.2AI score0.00955EPSS
Exploits0References3
Rows per page
Query Builder