CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

840 matches found

IBM Security Bulletins•added 2026/05/29 4:43 p.m.•10 views

Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes May 2026

Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and...

9.8CVSS7.3AI score0.18007EPSS

Exploits12Affected Software2

IBM Security Bulletins•added 2026/05/08 6:5 p.m.•5 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerability is addressed in IBM Business Automation Manager Open Editions 8.0.9-IF0001 Vulnerability Details CVEID:CVE-2026-35554 DESCRIPTION: A race condition in the Apache Kafka Java producer client...

8.7CVSS6AI score0.00025EPSS

Exploits0Affected Software1

IBM Security Bulletins•added 2026/04/14 3:53 p.m.•7 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 8.0.9 Vulnerability Details CVEID:CVE-2017-9096 DESCRIPTION: The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do...

9.8CVSS7.5AI score0.66054EPSS

Exploits8Affected Software1

IBM Security Bulletins•added 2026/04/08 8:0 p.m.•6 views

Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server affect IBM Business Automation Workflow (CVE-2026-32776, CVE-2026-32777, CVE-2026-32778)

Summary WebSphere Application Server Traditional is shipped as a component of IBM Business Automation Workflow. Information about security vulnerabilities in IBM HTTP Server affecting IBM WebSphere Application Server Traditional and IBM WebSphere Application Server Liberty have been published...

5.5CVSS5.9AI score0.00006EPSS

Exploits1Affected Software2

IBM Security Bulletins•added 2026/03/31 12:19 p.m.•9 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.0 Vulnerability Details CVEID:CVE-2026-1525 DESCRIPTION: Undici allows duplicate HTTP Content-Length headers when they...

9.8CVSS7.3AI score0.00175EPSS

Exploits2Affected Software1

IBM Security Bulletins•added 2026/03/31 12:18 p.m.•10 views

Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed in IBM Business Automation Manager Open Editions 9.4.0 Vulnerability Details CVEID:CVE-2026-27601 DESCRIPTION: Underscore.js is a utility-belt library for JavaScript. Prior...

8.2CVSS7AI score0.00092EPSS

Exploits4Affected Software1

IBM Security Bulletins•added 2026/03/10 5:51 p.m.•5 views

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-29371)

Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow traditional. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to...

7.5CVSS5.8AI score0.00036EPSS

Exploits1Affected Software2

IBM Security Bulletins•added 2026/02/11 10:28 a.m.•12 views

Security Bulletin: Multiple Vulnerabilities in IBM® Java SDK affect IBM shipped with IBM Buinses Automation Workflow (Januar 2026 CPU and CVE-2026-1188)

Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server in IBM Business Automtation Workflow traditional. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

9.8CVSS5.5AI score0.00025EPSS

Exploits0Affected Software2

ATTACKERKB•added 2026/02/02 8:56 p.m.•5 views

CVE-2025-13096

IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection XXE attack when processing XML data. A remote...

7.1CVSS5.6AI score0.00101EPSS

Exploits0References2Affected Software2

Vulnrichment•added 2026/02/02 8:56 p.m.•2 views

CVE-2025-13096 XML eXternal Entity injection (XXE) vulnerability affect IBM Business Automation Workflow -

7.1CVSS5.6AI score0.00101EPSS

Exploits0References1

IBM Security Bulletins•added 2026/02/02 5:24 p.m.•6 views

Security Bulletin: Security vulnerability in Apache Commons Lang may affect IBM Business Automation Workflow - CVE-2025-48924

Summary IBM Business Automation Workflow packages a vulnerable copy of the Apache Commons Lang open source library. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue affects Apache Commons Lang: Starting with...

5.3CVSS6.4AI score0.00099EPSS

Exploits0Affected Software2

CNNVD•added 2026/02/02 12:0 a.m.•3 views

IBM Business Automation Workflow 代码问题漏洞

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. IBM Business Automation Workflow containers V25.0....

7.1CVSS5.8AI score0.00101EPSS

Exploits0References2

IBM Security Bulletins•added 2026/01/30 5:17 p.m.•11 views

Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow containers January 2026

Summary In addition to updating many operating system level packages, IBM Business Automation Workflow container fixes address the following vulnerabilities. Vulnerability Details CVEID:CVE-2025-47912 DESCRIPTION: The Parse function permits values other than IPv6 addresses to be included in squar...

7.5CVSS6AI score0.00097EPSS

Exploits3Affected Software2

CVE•added 2026/01/20 3:9 p.m.•21 views

CVE-2025-36058

CVE-2025-36058 affects IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers. The issue could disclose sensitve configuration information stored in a config map. Red Hat/IBM advisories and IBM Security Bulletins identify the affected versions as: IBM Cloud Pak for ...

5.5CVSS8.4AI score0.0002EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/01/20 3:7 p.m.•13 views

CVE-2025-36059 Multiple security vulnerabilities are addressed in IBM Business Automation Workflow Containers fixes December 2025

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system calls...

4.7CVSS0.0002EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 9:15 a.m.•7 views

CVE-2022-38390

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force...

5.4CVSS6AI score0.0029EPSS

Exploits0References1

IBM Security Bulletins•added 2025/11/19 5:43 p.m.•8 views

Security Bulletin: Security vulnerability in form-data may affect IBM Business Automation Workflow - CVE-2025-7783

Summary IBM Business Automation Workflow references a vulnerable copy of the form-data open source library. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION: Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated...

9.4CVSS6.5AI score0.01319EPSS

Exploits1Affected Software2

IBM Security Bulletins•added 2025/11/14 6:53 a.m.•8 views

Security Bulletin: Security vulnerability affect IBM Business Automation Workflow - CVE-2025-52999

Summary IBM Business Automation Workflow Case documentation in before 25.0.0 built upon a version of DITA, which packages a vulnerable copy of jackson-core. Vulnerability Details CVEID:CVE-2025-52999 DESCRIPTION: jackson-core contains core low-level incremental "streaming" parser and generator...

8.7CVSS7AI score0.00206EPSS

Exploits0Affected Software2

OSV•added 2025/11/06 3:15 p.m.•2 views

CVE-2025-36054

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This...

6.1CVSS5.4AI score

Exploits0References1

Cvelist•added 2025/11/06 2:11 p.m.•3 views

CVE-2025-36054 Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server -

6.1CVSS0.00072EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by