908 matches found
Security Bulletin: Vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager Enterprise Service Bus (July 2022 CPU plus deferred CVE-2021-2163)
Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details Refer to the...
Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Automation Workflow and IBM Business Process Manager (CVE-2022-35282)
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been published in a security bulletin. Vulnerability Details...
Security Bulletin: IBM Business Process Manager (BPM) Vulnerable URLs (CVE-2013-0581)
Abstract When a dashboard is opened or a service is executed, a malicious attacker can intercept network requests from the client. Then, the attacker can modify the URL parameters of the request so that malicious code can be executed within the client browser. Content VULNERABILITY DETAILS:...
Security Bulletin: Information regarding security vulnerability in IBM SDK for Java that is shipped with IBM WebSphere Application Server and addressed by Oracle CPU April 2013 (CVE-2013-0169)
Abstract Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server and included in the products that are listed in this document. Content VULNERABILITY DETAILS: DESCRIPTION: This Security Bulletin addresses the security vulnerabilities...
Security Bulletin: IBM FileNet Business Process Manager – XML 4J denial of service attack (CVE-2013-4002)
Abstract The XML4J parser that is shipped with the IBM FileNet Business Process Manager is vulnerable to a denial of service attack, which is triggered by malformed XML data. Content The products that are listed below can be affected by security vulnerabilities reported to the Apache Xerces-J...
Security Bulletin: IBM FileNet Business Process Manager – Oracle Critical Patch Updates April 2013 (CVE-2013-0440, CVE-2013-0443, CVE-2013-0169)
Abstract Potential security vulnerabilities exist in the IBM Java SDK that is shipped with the IBM FileNet Business Process Manager Content The products listed below might be affected by security vulnerabilities reported by Oracle’s April 2013 Critical Patch Updates: · IBM FileNet Business Proces...
Security Bulletin: An IBM Business Process Manager SSL connection can be established without host name verification: CVE-2012-5785
Abstract A Secure Sockets Layer SSL connection can be established without host name verification, which can make the connection vulnerable to a man-in-the-middle attack. Content While obtaining an SSL connection, the IBM Business Process Management BPM system does not validate the host name of the...
Security Bulletin: Incorrect authorization for stop and resume Event Manager REST API in IBM Business Process Manager (CVE-2017-1628)
Summary Due to incorrect authorization for stop and resume Event Manager REST API, users without required permission can stop and resume the Event Manager in IBM Business Process Manager. Vulnerability Details CVEID: CVE-2017-1628 DESCRIPTION: IBM Business Process Manager allows authenticated use...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition (CVE-2017-1503)
Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. Information about security vulnerabilities affecting IBM WebSphere Application Server has been published in ...
Security Bulletin: Security vulnerability in Apache Commons FileUpload might affect IBM Business Process Manager, WebSphere Process Server, and WebSphere Enterprise Service Bus (CVE-2016-1000031)
Summary A vulnerability for Apache Commons FileUpload before 1.3.3 has been reported which allows a remote attacker to execute arbitrary code on the system. Vulnerability Details CVEID: CVE-2016-1000031 DESCRIPTION: Apache Commons FileUpload, as used in certain products, could allow a remote...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager (BPM) (CVE-2017-1583, CVE-2011-4343)
Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server. Information about security vulnerabilities affecting IBM WebSphere Application...
Security Bulletin: Security vulnerability in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-14919)
Summary Security vulnerability has been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2017-14919 DESCRIPTION: Node.js is vulnerable to a...
Security Bulletin: Potential information leakage in IBM Business Process Manager and WebSphere Lombardi Edition (CVE-2017-1756)
Summary Due to incorrect cache headers, sensitive information might be stored locally which can be accessed by another user on the same system. Vulnerability Details CVEID: CVE-2017-1756 DESCRIPTION: IBM Business Process Manager allows web pages to be stored locally which can be read by another us...
Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager (BPM), WebSphere Process Server (WPS), WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition (WLE) (Java CPU October 2017)
Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federati...
Security Bulletin: Information leakage in IBM Business Process Manager (CVE-2017-1765)
Summary Sensitive information about the application server is revealed during snapshot export in IBM Business Process Manager. Vulnerability Details CVEID: CVE-2017-1765 DESCRIPTION: IBM Business Process Manager could allow an authenticated user with special privileges to reveal sensitive...
Security Bulletin: Incorrect authorization for task assignment of ad hoc tasks in views shipped with IBM Business Process Manager (CVE-2017-1766)
Summary An authenticated user can claim and work on ad hoc tasks without required permission in some views shipped with IBM Business Process Manager. Vulnerability Details CVEID: CVE-2017-1766 DESCRIPTION: Due to incorrect authorization in IBM Business Process Manager an attacker can claim and wor...
Security Bulletin: Remote code execution vulnerability within Jackson JSON library affects IBM Business Process Manager (CVE-2017-7525)
Summary Due to a deserialization flaw within the Jackson JSON library, IBM Business Process Manager is vulnerable to a remote code execution vulnerability. Vulnerability Details CVEID: CVE-2017-7525 DESCRIPTION: A deserialization flaw within the Jackson JSON library in the readValue method of the...
Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (CVE-2017-1767)
Summary Cross-site scripting vulnerability in an instance user interface affects IBM Business Process Manager. Vulnerability Details CVEID: CVE-2017-1767 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript...
Security Bulletin: Cross-site scripting vulnerability in Business Space affects IBM Business Process Manager, WebSphere Process Server, and WebSphere Enterprise Service Bus (CVE-2018-1384)
Summary Cross-site scripting vulnerability in Business Space allows a remote attacker to inject script. Vulnerability Details CVEID: CVE-2018-1384 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition (CVE-2017-1731)
Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional has been...