729 matches found
CVE-2024-43188
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation...
CVE-2023-32339
IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587...
CVE-2023-24957
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended...
CVE-2022-42435
IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...
Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2022-42920
Summary IBM Business Automation Workflow packages a vulnerable copy of Apache BCEL in an OSGi bundle. Vulnerability Details CVEID:CVE-2022-42920 DESCRIPTION: Apache Commons BCEL could allow a remote attacker to bypass security restrictions, caused by an out-of-bounds write flaw in the APIs. By...
The vulnerability of the IBM Business Automation Workflow software and the IBM Business Automation Workflow Enterprise Service Bus software platform lies in the lack of security measures for website structures. This allows attackers to execute cross-site scripting attacks.
The vulnerability of the IBM Business Automation Workflow software and the IBM Business Automation Workflow Enterprise Service Bus software platform relates to the lack of security measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to...
Security Bulletin: A denial of service vulnerabilities has been identified in IBM WebSphere Application Server Liberty shipped with IBM Business Automation Workflow
Summary WebSphere Application Server Liberty is shipped as part of IBM Business Automation Workflow containers and as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow traditional. Information abou...
CVE-2025-1495 IBM Business Automation Workflow missing authentication
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...
CVE-2025-1495 IBM Business Automation Workflow missing authentication
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation...
CVE-2025-1495
CVE-2025-1495 affects IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center, where information can be leaked due to missing authorization validation. Root cause: missing authentication for a critical function. Impact: potential disclosure of sensitive information. Remedia...
Security Bulletin: XML External Entity (XXE) injection vulnerability affects IBM Business Automation Workflow - CVE-2023-4218
Summary IBM Business Automation Workflow containers package a vulnerable copy of eclipse jars. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity XXE...
Security Bulletin: A remote code execution vulnerability affect IBM Business Automation Workflow - CVE-2025-27363
Summary IBM Business Automation Workflow containers package a vulnerable version of freetype. Vulnerability Details CVEID:CVE-2025-27363 DESCRIPTION: An out of bounds write exists in FreeType versions 2.13.0 and below newer versions of FreeType are not vulnerable when attempting to parse font...
Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow - CVE-2025-1495
Summary IBM Business Automation Workflow is vulnerable to an information leakage attack. Vulnerability Details CVEID:CVE-2025-1495 DESCRIPTION: IBM Business Automation Workflow Center may leak sensitive information due to missing authorization validation. CWE:CWE-306: Missing Authentication for...
Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow - CVE-2025-1838
Summary IBM Business Automation Workflow Center is vulnerable to a denial of service attack. Vulnerability Details CVEID:CVE-2025-1838 DESCRIPTION: IBM Business Automation Workflow Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which...
Security Bulletin: Security vulnerability in Apache Kafka clients affects IBM Business Automation Workflow Case Event Emitters - CVE-2024-31141
Summary IBM Business Automation Workflow Case Event Emitters package a vulnerable version of Apache Kafka clients. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apac...
Security Bulletin: Vulnerability in eclipse affects IBM Business Automation Workflow - CVE-2023-4218
Summary IBM Business Automation Workflow packages a vulnerable version of eclipe jar files. Vulnerability Details CVEID:CVE-2023-4218 DESCRIPTION: Eclipse IDE could allow a local authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity XXE...
Security Bulletin: Multiple vulnerabilities affect IBM Business Automation Workflow - CVE-2025-27789, CVE-2024-57965, CVE-2025-27152, CVE-2024-55565
Summary Some IBM Business Automation Workflow user interfaces may be affected by vulnerabilities in JavaScript libraries. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and...
PT-2025-18949 · Ibm · Ibm Business Automation Workflow
Name of the Vulnerable Software and Affected Versions: IBM Business Automation Workflow versions 24.0.0 through 24.0.1 IF001 Description: The issue is related to missing authorization validation, which may cause the software to leak sensitive information. Recommendations: For IBM Business...
IBM Business Automation Workflow 访问控制错误漏洞
IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. An access control error vulnerability exists in IB...
How to Automate CVE and Vulnerability Advisory Response with Tines
Run by the team at workflow orchestration and AI platform Tines, the Tines library features pre-built workflows shared by security practitioners from across the community - all free to import and deploy through the platform's Community Edition. A recent standout is a workflow that automates...