Michał Bogdanowicz

#12430of 53,633
21.9Total CVSS
Vulnerabilities · 3
Medium
2
Critical
1
PT-2024-13363
6.1
2024-02-14
Algosec · Algosec Fireflow · CVE-2023-46596
**Name of the Vulnerable Software and Affected Versions** Algosec FireFlow versions A32.20 through A32.60 **Description** The issue is related to improper input validation in the VisualFlow workflow editor via the `Name`, `Description`, and `Configuration File` fields. This allows an attacker to initiate an XSS attack by injecting malicious executable scripts into the application's code. **Recommendations** For version A32.20, update to b600 or above. For version A32.50, update to b430 or above. For version A32.60, update to b250 or above.
PT-2023-30106
5.9
2023-11-02
Fireflow · Fireflow · CVE-2023-46595
**Name of the Vulnerable Software and Affected Versions** FireFlow versions prior to A32.20 (b570) FireFlow versions prior to A32.50 (b390) FireFlow versions prior to A32.60 (b220) **Description** The issue allows an attacker to obtain a victim's domain credentials and Net-NTLM hash via HTML injection in the VisualFlow workflow editor, potentially leading to relay domain attacks. This is achieved through stored HTML injection using the `Name` and `Description` fields, and also impacts outbound actions using the `Name` and `Category` parameters. **Recommendations** For versions prior to A32.20 (b570), update to A32.20 (b570 or above) to resolve the issue. For versions prior to A32.50 (b390), update to A32.50 (b390 or above) to resolve the issue. For versions prior to A32.60 (b220), update to A32.60 (b220 or above) to resolve the issue. As a temporary workaround, consider restricting the use of the `Name` and `Description` fields in the VisualFlow workflow editor, as well as limiting outbound actions using the `Name` and `Category` parameters, until a patch is applied.
PT-2023-25366
9.9
2023-08-16
Ibm · Ibm Security Guardium · CVE-2023-35893
**Name of the Vulnerable Software and Affected Versions** IBM Security Guardium versions 10.6 through 11.5 **Description** The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. **Recommendations** For versions 10.6 through 11.5, update to a version that includes a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.