Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results.
| Software | From | Fixed in |
|---|---|---|
| openwfe / work_flow_engine | 1.4 | 1.4.x |
| openwfe / work_flow_engine | 1.4.1 | 1.4.1.x |
| openwfe / work_flow_engine | 1.4.2 | 1.4.2.x |
| openwfe / work_flow_engine | 1.4.3 | 1.4.3.x |
| openwfe / work_flow_engine | 1.4.4 | 1.4.4.x |
| openwfe / work_flow_engine | 1.4.5 | 1.4.5.x |