Lucene search
+L

36 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2023/03/06 2:45 p.m.28 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix April 2016 (CVE-2016-3426)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in April 2016. Vulnerability Details CVEID: CVE-2016-3426 DESCRIPTION: An...

4.3CVSS6.7AI score0.02795EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/06 2:45 p.m.27 views

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Bluemix Workflow

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.1 that is used by Bluemix Workflow. These issues were disclosed as part of the IBM Java SDK updates in January 2015. This bulletin also addresses the “FREAK: Factoring Attack on RSA-EXPORT keys" TLS/SSL...

5CVSS4.1AI score0.99999EPSS
Exploits12Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/03/06 2:41 p.m.37 views

Security Bulletin: Multiple vulnerabilities in IBM® SDK, Java™ Technology Edition affected IBM Workflow for Bluemix January 2016 (CVE-2015-7575, CVE-2016-0466, CVE-2016-0475)

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8. that is used by IBM Workflow for Bluemix. These issues were disclosed as part of the IBM® SDK, Java™ Technology Edition updates in January 2016 and include the vulnerability commonly referred to as "SLOTH"...

5.9CVSS6.2AI score0.05453EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/01/04 12:15 a.m.4 views

CVE-2022-42435

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the...

8.8CVSS5.7AI score0.00257EPSS
Exploits0References2
OSV
OSV
added 2021/12/17 5:15 p.m.5 views

CVE-2021-38883

IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

5.4CVSS5.4AI score0.0048EPSS
Exploits0References2
OSV
OSV
added 2021/09/29 4:15 p.m.4 views

CVE-2021-29834

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI...

5.4CVSS5.5AI score0.0048EPSS
Exploits0References2
OSV
OSV
added 2020/06/29 2:15 p.m.7 views

CVE-2020-4557

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...

5.4CVSS5.9AI score0.00561EPSS
Exploits0References2
NVD
NVD
added 2020/02/05 6:15 p.m.22 views

CVE-2015-0102

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

8.1CVSS7.8AI score0.0171EPSS
Exploits0References3
Prion
Prion
added 2020/02/05 6:15 p.m.15 views

Session fixation

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5.8CVSS6.8AI score0.0171EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/02/05 5:23 p.m.20 views

CVE-2015-0102

IBM Workflow for Bluemix does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

7.9AI score0.0171EPSS
Exploits0References3
OSV
OSV
added 2019/09/05 3:15 p.m.5 views

CVE-2019-4149

IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. This vulnerability allows user...

5.4CVSS5.7AI score0.00679EPSS
Exploits0References2
OSV
OSV
added 2019/05/10 3:29 p.m.4 views

CVE-2019-4204

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trust...

5.4CVSS5.4AI score0.00955EPSS
Exploits0References3
OSV
OSV
added 2019/04/08 3:29 p.m.4 views

CVE-2018-1997

IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774...

6.5CVSS5.8AI score0.01383EPSS
Exploits0References2
OSV
OSV
added 2019/04/08 3:29 p.m.5 views

CVE-2018-2000

IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890...

8.8CVSS5.7AI score0.00763EPSS
Exploits0References3
OSV
OSV
added 2019/04/08 3:29 p.m.7 views

CVE-2018-1999

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889...

4.3CVSS5.8AI score0.00994EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:2 a.m.9 views

Security Bulletin: Vulnerability in SSLv3 affects IBM Workflow for Bluemix beta (CVE-2014-3566)

Summary SSLv3 contains a vulnerability that has been referred to as the Padding Oracle On Downgraded Legacy Encryption POODLE attack. SSLv3 was enabled by default in IBM Workflow for Bluemix beta. Vulnerability Details CVE ID: CVE-2014-3566 DESCRIPTION: IBM Workflow for Bluemix beta could allow a...

4.3CVSS0.8AI score0.99999EPSS
Exploits7Affected Software1
Rows per page
Query Builder