20 matches found
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for May 2026.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 25.0.0-IF005. These vulnerabilities have been also adressed in 24.0.0-IF007, 24.0.1-IF007 and 25.0.1-IF001. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for January 2026.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF006. These vulnerabilities have been also adressed in 24.0.1-IF006 and 25.0.0-IF003. Vulnerability Details CVEID:CVE-2018-5711 DESCRIPTION: gdgifin.c in the GD Graphics Library aka libgd, as used in PHP...
CVE-2025-36092 IBM Business Automation Insights improper input validation
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause a denial of service due to the improper validation of input length...
CVE-2025-36092
CVE-2025-36092 affects IBM Cloud Pak for Business Automation (25.0.0, 24.0.1, 24.0.0) and stems from improper validation of input length, allowing an authenticated user to cause a denial of service. IBM’s sources confirm the issue and provide targeted fixes: 25.0.0 should install security fix 25....
CVE-2025-36091 IBM Business Automation Insights unverified ownership
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment...
CVE-2025-36091 IBM Business Automation Insights unverified ownership
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for September 2025.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF005. These vulnerabilities have been also addressed in 25.0.0-IF001 and 24.0.0-IF004. Vulnerability Details CVEID:CVE-2025-48997 DESCRIPTION: Multer is a node.js middleware for handling...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for August 2025.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 25.0.0-IF001 Vulnerability Details CVEID:CVE-2023-5752 DESCRIPTION: When installing a package from a Mercurial VCS URL ie "pip install hg+..." with pip prior to v23.3, the specified Mercurial revision could be us...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for July 2025.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF004 and 24.0.0-IF006 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 t...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for April 2025.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF002 and IBM Business Automation Insights 24.0.0-IF003 Vulnerability Details CVEID:CVE-2025-1634 DESCRIPTION: A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for February 2025.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF001 and IBM Business Automation Insights 24.0.0-IF002 Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for Junuary 2025.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF002 Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in schema parsing in the Java...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for September 2024.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF001 Vulnerability Details CVEID:CVE-2024-43799 DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for June 2024.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF006. Vulnerability Details CVEID:CVE-2024-22329 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for May 2024.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a specially...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for April 2024.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF004. Vulnerability Details CVEID:CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for March 2023.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF003. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compress is vulnerable to a denial of service, caused by an out of memory error. By persuading a victim to open a specially...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for February 2023.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF002. Vulnerability Details CVEID:CVE-2023-6267 DESCRIPTION: Quarkus could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization in the json payload when...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for January 2023.
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF001. Vulnerability Details CVEID:CVE-2023-46673 DESCRIPTION: Elastic Elasticsearch is vulnerable to a denial of service, caused by improper handling of exceptional conditions. By sending a specially...
Security Bulletin: Multiple vulnerabilities in TLS in Cloud Pak for Automation
Summary There are multiple vulnerabilities in the TLS protocol implementation in Business Automation Insights BAI in Cloud Pak for Automation. These have been addressed. Vulnerability Details CVEID: CVE-2013-0169 DESCRIPTION: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used...