Vulmon
workflow vulnerabilities and exploits
4.3
CVSSv2
CVE-2008-0463
Cross-site scripting (XSS) vulnerability in the Workflow module 4.7.x prior to 4.7.x-1.2 and 5.x prior to 5.x-1.2 for Drupal allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors involving node properties.
Drupal Workflow
5.8
CVSSv2
CVE-2015-0102
IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
IBM Workflow -
6.8
CVSSv2
CVE-2018-2000
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery, which could allow a malicious user to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890.
IBM Business Automation Workflow 18.0.0.1
IBM Business Automation Workflow 18.0.0.0
IBM Business Process Manager 8.6.0.0
NA
CVE-2022-38167
The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.
Nintex Workflow 5.2.2.30
6.4
CVSSv2
CVE-2020-26172
Every login in tangro Business Workflow prior to 1.18.1 generates the same JWT token, which allows a malicious user to reuse the token when a session is active. The JWT token does not contain an expiration timestamp.
Tangro Business Workflow
4
CVSSv2
CVE-2020-26176
An issue exists in tangro Business Workflow prior to 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs....
Tangro Business Workflow
4
CVSSv2
CVE-2020-26177
In tangro Business Workflow prior to 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values in requests to /api...
Tangro Business Workflow
NA
CVE-2016-15036
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to...
Deis Workflow Manager
4
CVSSv2
CVE-2020-26171
In tangro Business Workflow prior to 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. By doing this, users can add attachments to workitems that do not belong to them.
Tangro Business Workflow
4
CVSSv2
CVE-2020-26173
An incorrect access control implementation in Tangro Business Workflow prior to 1.18.1 allows a malicious user to download documents (PDF) by providing a valid document ID and token. No further authentication is required.
Tangro Business Workflow