Azure File Sync Agent v18.0 Release – May 2024 (KB5023057)

Update for Azure File Sync agent version 18.0.0.0. For more details, see the associated Microsoft Knowledge Base article...

PT-2022-22681 · Ibm · Ibm Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 18.0.0.0 through 22.0.1 Description: The issue could disclose sensitive version information to authenticated users, which could be used in further attacks against the system. Recommendations: For...

CVE-2022-21244

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering component: Web Access. Supported versions that are affected are 18.0.0.0-18.0.3.0, 19.0.0.0-19.0.1.2, 20.0.0.0 and 20.0.0.1. Easily exploitable vulnerability allows unauthenticated attacker with...

CVE-2021-29834

The CVE-2021-29834 entry concerns a stored cross-site scripting (XSS) vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM). According to IBM’s Security Bulletin, the affected versions are IBM Business Automation Workflow: V18.0, 19.0, 20.0, 21.0.2 and V20.0.2 p...

CVE-2019-4425

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771...

PT-2019-17077 · Ibm · Ibm Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 18.0.0.0 through 18.0.0.2 Description: The issue allows a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users...

Cross site scripting

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

PT-2019-17068 · Ibm · Ibm Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 18.0.0.0 through 18.0.0.2 IBM Business Automation Workflow version 19.0.0.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality an...

CVE-2019-4204

This CVE is an XSS vulnerability in IBM Business Automation Workflow and IBM BPM (CVE-2019-4204). Affected products/versions: IBM Business Automation Workflow 18.0.0.0–19.0.0.1; IBM BPM 8.5.7.0–8.6.0.0 CF2017.06 and 8.6.0.0 CF2018.03. The issue allows arbitrary JavaScript in the Web UI, potential...

IBM Business Process Manager and IBM Business Automation Workflow Cross-Site Request Forgery Vulnerability

IBM Business Process Manager BPM and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...

CVE-2018-1885

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020...

CVE-2018-2000

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890...

CVE-2018-1997

IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774...

CVE-2018-1885

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020...

CVE-2018-2000

CVE-2018-2000 concerns cross-site request forgery in IBM Business Automation Workflow 18.0.0.0–18.0.0.1 (and related BPM components). The IBM Security Bulletin and CNVD/CVE records describe an issue where an attacker could induce unauthorized actions by a trusted user’s session. The IBM bulletin ...

CVE-2019-4045

IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241...

CVE-2018-1999

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889...

CVE-2018-1848

CVE-2018-1848 is a cross-site scripting (XSS) flaw in IBM Business Automation Workflow, affecting version 18.0.0.0 through 18.0.0.1. The vulnerability allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM’s bulletin (and r...