Lucene search
K

843 matches found

NVD
NVD
added 2 days ago5 views

CVE-2026-13449

IBM Business Automation Manager Open Editions 9.0.0 through 9.4.2 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources...

9.1CVSS0.00387EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago4 views

Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2026-11594, CVE-2026-11707, CVE-2026-11383, CVE-2026-11541, CVE-2026-11536)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletins...

9.8CVSS6.3AI score0.00342EPSS
Exploits0Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 3 days ago5 views

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes June 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structure...

9.8CVSS8AI score0.01735EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/29 4:43 p.m.11 views

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes May 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and...

9.8CVSS7.3AI score0.87218EPSS
Exploits12Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/08 6:5 p.m.7 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed in IBM Business Automation Manager Open Editions 8.0.9-IF0001 Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race condition in the Apache Kafka Java producer client...

8.7CVSS6AI score0.00328EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/14 3:53 p.m.8 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 8.0.9 Vulnerability Details CVEID:CVE-2017-9096 DESCRIPTION: The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do...

9.8CVSS7.5AI score0.37246EPSS
Exploits6Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/08 8:0 p.m.8 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities in IBM HTTP Server affecting IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty have been published...

5.5CVSS5.9AI score0.00216EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 12:19 p.m.10 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.0 Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows duplicate HTTP Content-Length headers when they...

9.8CVSS7.3AI score0.0115EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/31 12:18 p.m.14 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.0 Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior...

8.2CVSS7AI score0.03026EPSS
Exploits4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/10 5:51 p.m.9 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-29371)

Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow traditional. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to...

7.5CVSS5.8AI score0.00244EPSS
Exploits1Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/11 10:28 a.m.13 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM shipped with IBM Buinses Automation Workflow (Januar 2026 CPU and CVE-2026-1188)

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server in IBM Business Automtation Workflow traditional. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

9.8CVSS5.5AI score0.00491EPSS
Exploits0Affected Software2
Vulnrichment
Vulnrichment
added 2026/02/02 8:56 p.m.4 views

CVE-2025-13096 XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow -

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...

7.1CVSS5.6AI score0.00458EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/02 8:56 p.m.5 views

CVE-2025-13096

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...

7.1CVSS5.6AI score0.00458EPSS
Exploits0References2Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/02 5:24 p.m.7 views

Security Bulletin: Security vulnerability in Apache Commons Lang may affect IBM Business Automation Workflow - CVE-2025-48924

Summary IBM Business Automation Workflow packages a vulnerable copy of the Apache Commons Lang open source library. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS6.4AI score0.02164EPSS
Exploits0Affected Software2
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.7 views

IBM Business Automation Workflow 代码问题漏洞

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. IBM Business Automation Workflow containers V25.0....

7.1CVSS5.8AI score0.00458EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:17 p.m.11 views

Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow containers January 2026

Summary In addition to updating many operating system level packages, IBM Business Automation Workflow container fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-47912 DESCRIPTION: The Parse function permits values other than IPv6 addresses to be included in squar...

7.5CVSS6AI score0.00631EPSS
Exploits3Affected Software2
CVE
CVE
added 2026/01/20 3:9 p.m.26 views

CVE-2025-36058

CVE-2025-36058 affects IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers. The issue could disclose sensitve configuration information stored in a config map. Red Hat/IBM advisories and IBM Security Bulletins identify the affected versions as: IBM Cloud Pak for ...

5.5CVSS8.4AI score0.0011EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/20 3:7 p.m.17 views

CVE-2025-36059 Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...

4.7CVSS0.00089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:15 a.m.9 views

CVE-2022-38390

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

5.4CVSS6AI score0.00371EPSS
Exploits0References1
IBM Security Bulletins
IBM Security Bulletins
added 2025/11/19 5:43 p.m.9 views

Security Bulletin: Security vulnerability in form-data may affect IBM Business Automation Workflow - CVE-2025-7783

Summary IBM Business Automation Workflow references a vulnerable copy of the form-data open source library. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

9.4CVSS6.5AI score0.01735EPSS
Exploits1Affected Software2
Rows per page
Query Builder