Security Bulletin: CVE-2015-7450 affects the desktop IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

Summary The following vulnerability in Apache commons that affects the desktop IBM Process Designer has been addressed. Vulnerability Details CVEID:CVE-2015-7450 DESCRIPTION: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and...

CVE-2021-29834

The CVE-2021-29834 entry concerns a stored cross-site scripting (XSS) vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM). According to IBM’s Security Bulletin, the affected versions are IBM Business Automation Workflow: V18.0, 19.0, 20.0, 21.0.2 and V20.0.2 p...

CVE-2019-4425

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771...

Cross site scripting

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

CVE-2019-4204

This CVE is an XSS vulnerability in IBM Business Automation Workflow and IBM BPM (CVE-2019-4204). Affected products/versions: IBM Business Automation Workflow 18.0.0.0–19.0.0.1; IBM BPM 8.5.7.0–8.6.0.0 CF2017.06 and 8.6.0.0 CF2018.03. The issue allows arbitrary JavaScript in the Web UI, potential...

IBM Business Process Manager and IBM Business Automation Workflow Cross-Site Request Forgery Vulnerability

IBM Business Process Manager BPM and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...

CVE-2018-1885

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitve information using a specially cracted HTTP request. IBM X-Force ID: 152020...

CVE-2018-2000

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890...

CVE-2018-2000

CVE-2018-2000 concerns cross-site request forgery in IBM Business Automation Workflow 18.0.0.0–18.0.0.1 (and related BPM components). The IBM Security Bulletin and CNVD/CVE records describe an issue where an attacker could induce unauthorized actions by a trusted user’s session. The IBM bulletin ...

CVE-2018-1999

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889...

CVE-2018-1848

CVE-2018-1848 is a cross-site scripting (XSS) flaw in IBM Business Automation Workflow, affecting version 18.0.0.0 through 18.0.0.1. The vulnerability allows embedding arbitrary JavaScript in the Web UI, potentially leading to credentials disclosure within a trusted session. IBM’s bulletin (and r...