10 matches found
Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow (traditional and containers) March 2026
Summary In addition to updating many operating system level packages on container images, IBM Business Automation Workflow fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special...
CVE-2025-36054
IBM Business Automation Workflow containers (versions 24.0.0-IF006 to 24.0.0, 24.0.1-IF004, 25.0.0-IF001) and the traditional with Process Federation Server (24.0.0 to 24.0.1, 25.0.0) are affected by a cross-site scripting (CWE-79) vulnerability (CVE-2025-36054). An unauthenticated attacker can i...
PT-2025-45182
Name of the Vulnerable Software and Affected Versions IBM Business Automation Workflow containers versions 24.0.0 through 24.0.0-IF006 IBM Business Automation Workflow containers versions 24.0.1 through 24.0.1-IF004 IBM Business Automation Workflow containers versions 25.0.0 through 25.0.0-IF001...
EUVD-2021-25330
Malware in sbrugna...
Security Bulletin: Denial of Service in Spring vulnerability affect IBM Business Automation Workflow - CVE-2024-38808
Summary IBM Business Automation Workflow is vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2024-38808 DESCRIPTION: VMware Tanzu Spring Framework is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted Spring Expression...
Security Bulletin: Multiple security vulnerabilities in bootstrap.js may affect IBM Business Automation Workflow
Summary IBM Business Automation Workflow packages a vulnerable version of bootstrap.js. Vulnerability Details CVEID:CVE-2018-20677 DESCRIPTION: Bootstrap is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the affix configuration target property. A remot...
Security Bulletin: Multiple vulnerabilities in angular.js may affect IBM Business Automation Workflow (CVE-2019-14863, CVE-2020-7676, CVE-2019-10768)
Summary IBM Business Automation Workflow packages a vulnerable version of angular js. Vulnerability Details CVEID:CVE-2019-14863 DESCRIPTION: Angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability ...
CVE-2022-43864
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 239427...
CVE-2020-4516
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
CVE-2020-4446
IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to bypass security restrictions, caused by the failure to perform insufficient authorization checks. IBM X-Force ID: 181126...