Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for April 2026.

Summary Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF007 and 25.0.1-IF001. These vulnerabilities have been also adressed in 24.0.1-IF007 and 25.0.0-IF004. Vulnerability Details CVEID:CVE-2025-15284 DESCRIPTION: Improper Input Validation vulnerability in qs...

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.0 Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows duplicate HTTP Content-Length headers when they...

Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow (traditional and containers) March 2026

Summary In addition to updating many operating system level packages on container images, IBM Business Automation Workflow fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation

Summary A security vulnerability in Python affects IBM Robotic Process Automation. Python is used by IBM Robotic Process Automation as part of its deployment. This bulletin identifies the fixes required to resolve the vulnerabilities. Vulnerability Details CVEID:CVE-2025-68146 DESCRIPTION: filelo...

CVE-2025-36059

CVE-2025-36059 affects IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers: 25.0.0-IF002, 24.0.1-IF005, and 24.0.0-IF006. The root cause is a local user with container access being able to execute OS system calls. IBM bulletin notes remediation by applying fixed ...

Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Java affect IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. This bulletin identifies the fixes required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-5005...

CVE-2023-25680

IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032...

Security Bulletin: Multiple security vulnerabilities in Java may affect IBM Robotic Process Automation

Summary Multiple security vulnerabilities in Java affect IBM Robotic Process Automation. Java is used by IBM Robotic Process Automation as part of metrics and licening, and UMS. This bulletin identifies the fixes required to address these vulnerabilities. Vulnerability Details CVEID:CVE-2025-3076...

Security Bulletin: Multiple security vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak

Summary Multiple vulnerabilities in RedHat UBI affect IBM Robotic Process Automation for Cloud Pak. RedHat UBI is used as base imaged for IBM Robotic Process Automation for Cloud Pak images. This bulletin identifies the fixes required to address the vulnerabilites. Vulnerability Details...

CVE-2025-36054

IBM Business Automation Workflow containers (versions 24.0.0-IF006 to 24.0.0, 24.0.1-IF004, 25.0.0-IF001) and the traditional with Process Federation Server (24.0.0 to 24.0.1, 25.0.0) are affected by a cross-site scripting (CWE-79) vulnerability (CVE-2025-36054). An unauthenticated attacker can i...

PT-2025-45182

Name of the Vulnerable Software and Affected Versions IBM Business Automation Workflow containers versions 24.0.0 through 24.0.0-IF006 IBM Business Automation Workflow containers versions 24.0.1 through 24.0.1-IF004 IBM Business Automation Workflow containers versions 25.0.0 through 25.0.0-IF001...

EUVD-2021-25330

Malware in sbrugna...

EUVD-2020-26041

Malware in sbrugna...

EUVD-2024-29764

Malicious code in bioql PyPI...

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.

Summary Multiple vulnerabilities were addressed in IBM Business Automation Manager Open Editions 9.3.0. Vulnerability Details CVEID:CVE-2025-48989 DESCRIPTION: Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue...

Security Bulletin: IBM Automation Decision Services for April 2025 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2025-22870...

CVE-2024-31906

IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system...

CVE-2023-23469

IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504...

Security Bulletin: IBM Automation Decision Services - Multiple CVEs addressed (February 2024)

Summary IBM Automation Decision Services is vulnerable to denial of service attacks in third party and open source used in the product for various functions. See full list below. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2023-36054 DESCRIPTION: MIT Kerberos 5 aka krb5...

Security Bulletin: IBM Automation Decision Services for Jan 2025 - Multiple CVEs addressed

Summary IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed Vulnerability Details CVEID:CVE-2024-3596...