Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
workflow vulnerabilities and exploits
(subscribe to this query)
356
VMScore
CVE-2020-26173
An incorrect access control implementation in Tangro Business Workflow prior to 1.18.1 allows an malicious user to download documents (PDF) by providing a valid document ID and token. No further authentication is required.
Tangro Business Workflow
356
VMScore
CVE-2020-26176
An issue exists in tangro Business Workflow prior to 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs....
Tangro Business Workflow
356
VMScore
CVE-2020-26177
In tangro Business Workflow prior to 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values in requests to /api...
Tangro Business Workflow
445
VMScore
CVE-2020-4531
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote malicious user to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in furth...
Ibm Business Automation Workflow 18.0.0.0
Ibm Business Automation Workflow 19.0.0.0
Ibm Business Automation Workflow 20.0.0.0
Ibm Business Process Manager 8.0.0.0
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.6.0.0
383
VMScore
CVE-2008-1202
Cross-site scripting (XSS) vulnerability in the web management interface in Adobe LiveCycle Workflow 6.2 allows remote malicious users to inject arbitrary web script or HTML via unknown vectors.
Adobe Livecycle Workflow 6.2
NA
CVE-2023-33457
In Sogou Workflow v0.10.6, memcpy a negtive size in URIParser::parse , may cause buffer-overflow and crash.
Sogou C\\+\\+ Workflow 0.10.6
NA
CVE-2022-46664
A vulnerability has been identified in Mendix Workflow Commons (All versions < V2.4.0), Mendix Workflow Commons V2.1 (All versions < V2.1.4), Mendix Workflow Commons V2.3 (All versions < V2.3.2). Affected versions of the module improperly handle access control for some m...
Siemens Mendix Workflow Commons
828
VMScore
CVE-2016-1894
NetApp OnCommand Workflow Automation prior to 3.1P2 allows remote malicious users to bypass authentication via unspecified vectors.
Netapp Oncommand Workflow Automation
490
VMScore
CVE-2020-4794
IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization chec...
Ibm Automation Workstream Services 19.0.3
Ibm Automation Workstream Services 20.0.1
Ibm Automation Workstream Services 20.0.2
Ibm Business Process Manager 8.0.0.0
Ibm Business Process Manager 8.0.1.0
Ibm Business Process Manager 8.0.1.1
Ibm Business Process Manager 8.0.1.2
Ibm Business Process Manager 8.0.1.3
Ibm Business Process Manager 8.5.0.0
Ibm Business Process Manager 8.5.0.1
Ibm Business Process Manager 8.5.0.2
Ibm Business Process Manager 8.5.5.0
Ibm Business Process Manager 8.5.6.0
Ibm Business Process Manager 8.5.6.1
Ibm Business Process Manager 8.5.6.2
Ibm Business Process Manager 8.5.7.0
Ibm Business Process Manager 8.6
Ibm Business Automation Workflow 18.0.0.0
Ibm Business Automation Workflow 18.0.0.1
Ibm Business Automation Workflow 18.0.0.2
Ibm Business Automation Workflow 19.0.0.0
Ibm Business Automation Workflow 19.0.0.1
445
VMScore
CVE-2020-4532
IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote malicious user to obtain sensitive information when a detailed technical error message is returned in the browser. This infor...
Ibm Business Automation Workflow 18.0.0.1
Ibm Business Automation Workflow 19.0.0.3
Ibm Business Process Manager
Ibm Business Process Manager 8.6.0.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »