Lucene search
K

729 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 6:25 a.m.6 views

CVE-2024-43188

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...

4.9CVSS6.5AI score0.00324EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:11 a.m.7 views

CVE-2023-32339

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587...

6.1CVSS6AI score0.0048EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:54 a.m.7 views

CVE-2023-24957

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...

5.4CVSS6AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:43 a.m.10 views

CVE-2022-42435

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...

8.8CVSS6.7AI score0.00257EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/12 1:28 p.m.15 views

Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2022-42920

Summary IBM Business Automation Workflow packages a vulnerable copy of Apache BCEL in an OSGi bundle. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds write flaw in the APIs. By...

9.8CVSS7.1AI score0.02836EPSS
Exploits0Affected Software2
BDU FSTEC
BDU FSTEC
added 2025/05/09 12:0 a.m.10 views

The vulnerability of the IBM Business Automation Workflow software and the IBM Business Automation Workflow Enterprise Service Bus software platform lies in the lack of security measures for website structures. This allows attackers to execute cross-site scripting attacks.

The vulnerability of the IBM Business Automation Workflow software and the IBM Business Automation Workflow Enterprise Service Bus software platform relates to the lack of security measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to...

5.5CVSS5.3AI score0.00266EPSS
Exploits0References2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/08 6:23 a.m.5 views

Security Bulletin: A denial of service vulnerabilities has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow

Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...

5.5CVSS5.8AI score0.00408EPSS
Exploits1Affected Software2
Vulnrichment
Vulnrichment
added 2025/05/03 4:53 p.m.7 views

CVE-2025-1495 IBM Business Automation Workflow missing authentication

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...

4.3CVSS6.3AI score0.00211EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/03 4:53 p.m.18 views

CVE-2025-1495 IBM Business Automation Workflow missing authentication

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...

4.3CVSS0.00211EPSS
Exploits0References1
CVE
CVE
added 2025/05/03 4:53 p.m.58 views

CVE-2025-1495

CVE-2025-1495 affects IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center, where information can be leaked due to missing authorization validation. Root cause: missing authentication for a critical function. Impact: potential disclosure of sensitive information. Remedia...

4.3CVSS4.4AI score0.00211EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/03 6:16 a.m.19 views

Security Bulletin: XML External Entity (XXE) injection vulnerability affects IBM Business Automation Workflow - CVE-2023-4218

Summary IBM Business Automation Workflow containers package a vulnerable copy of eclipse jars. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity XXE...

5CVSS5.9AI score0.00386EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/03 6:8 a.m.19 views

Security Bulletin: A remote code execution vulnerability affect IBM Business Automation Workflow - CVE-2025-27363

Summary IBM Business Automation Workflow containers package a vulnerable version of freetype. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse font...

8.1CVSS7.4AI score0.26049EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/03 6:5 a.m.11 views

Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow - CVE-2025-1495

Summary IBM Business Automation Workflow is vulnerable to an information leakage attack. Vulnerability Details CVEID:CVE-2025-1495 DESCRIPTION: IBM Business Automation Workflow Center may leak sensitive information due to missing authorization validation. CWE:CWE-306: Missing Authentication for...

4.3CVSS6.1AI score0.00211EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/03 6:2 a.m.11 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2025-1838

Summary IBM Business Automation Workflow Center is vulnerable to a denial of service attack. Vulnerability Details CVEID:CVE-2025-1838 DESCRIPTION: IBM Business Automation Workflow Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which...

6.5CVSS9.2AI score0.00321EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/03 5:59 a.m.24 views

Security Bulletin: Security vulnerability in Apache Kafka clients affects IBM Business Automation Workflow Case Event Emitters - CVE-2024-31141

Summary IBM Business Automation Workflow Case Event Emitters package a vulnerable version of Apache Kafka clients. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apac...

6.5CVSS9.2AI score0.01129EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/03 5:55 a.m.17 views

Security Bulletin: Vulnerability in eclipse affects IBM Business Automation Workflow - CVE-2023-4218

Summary IBM Business Automation Workflow packages a vulnerable version of eclipe jar files. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity XXE...

5CVSS5.9AI score0.00386EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2025/05/03 5:52 a.m.21 views

Security Bulletin: Multiple vulnerabilities affect IBM Business Automation Workflow - CVE-2025-27789, CVE-2024-57965, CVE-2025-27152, CVE-2024-55565

Summary Some IBM Business Automation Workflow user interfaces may be affected by vulnerabilities in JavaScript libraries. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and...

9.8CVSS9.4AI score0.00759EPSS
Exploits1Affected Software2
Positive Technologies
Positive Technologies
added 2025/05/03 12:0 a.m.6 views

PT-2025-18949 · Ibm · Ibm Business Automation Workflow

Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 24.0.0 through 24.0.1 IF001 Description: The issue is related to missing authorization validation, which may cause the software to leak sensitive information. Recommendations: For IBM Business...

4.3CVSS5.7AI score0.00211EPSS
Exploits0References7
CNNVD
CNNVD
added 2025/05/03 12:0 a.m.8 views

IBM Business Automation Workflow 访问控制错误漏洞

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. An access control error vulnerability exists in IB...

4.3CVSS6.1AI score0.00211EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/05/02 10:30 a.m.17 views

How to Automate CVE and Vulnerability Advisory Response with Tines

Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that automates...

7.5AI score
Exploits0
Rows per page
Query Builder