908 matches found

IBM Security Bulletins
added 2022/09/14 3:2 p.m., 15 views

Security Bulletin: Open redirect security vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4479)

Summary IBM Business Process Manager and IBM Business Automation Workflow could allow a remote attacker to conduct phishing attacks, using an open redirect attack. Vulnerability Details CVEID: CVE-2019-4479 DESCRIPTION: IBM Business Process Manager and IBM Business Automation Workflow could allow...

6.1 AI score
Exploits: 0, Affected Software: 5

IBM Security Bulletins
added 2022/09/14 3:2 p.m., 17 views

Security Bulletin: Denial of service vulnerability in IBM Business Automation Workflow (CVE-2018-1997)

Summary A denial of service vulnerability has been found in IBM Business Automation Workflow. Vulnerability Details CVEID: CVE-2018-1997 DESCRIPTION: IBM Business Automation Workflow and Business Process Manager are vulnerable to a denial of service attack. An authenticated attacker might send a...

5.2 AI score, 0.00188 EPSS
Exploits: 0, Affected Software: 5

IBM Security Bulletins
added 2022/09/14 3:2 p.m., 23 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-1926)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the...

6.7 AI score, 0.00171 EPSS
Exploits: 0, Affected Software: 9

IBM Security Bulletins
added 2022/09/14 3:2 p.m., 39 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (Java CPU July 2019)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process...

5.7 AI score, 0.00175 EPSS
Exploits: 0, Affected Software: 8

IBM Security Bulletins
added 2022/09/14 3:2 p.m., 59 views

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2019-9517 DESCRIPTION: Multiple...

7.4 AI score, 0.50822 EPSS
Exploits: 1, Affected Software: 5

IBM Security Bulletins
added 2022/09/03 7:1 a.m., 32 views

Security Bulletin: Persistent Cross-Site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2022-35644

Summary Process Admin Console is vulnerable to a persistent Cross Site-Scripting attack. Vulnerability Details CVEID:CVE-2022-35644 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thu...

7.7 AI score
Exploits: 0, Affected Software: 4

IBM Security Bulletins
added 2022/09/02 7:18 p.m., 27 views

Security Bulletin: Prototype pollution vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - [CVE-2021-23450]

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a prototype pollution attack. CVE-2021-23450 Vulnerability Details CVEID:CVE-2021-23450 DESCRIPTION: Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype...

9.8 CVSS, 9 AI score, 0.01995 EPSS
Exploits: 1, Affected Software: 4

IBM Security Bulletins
added 2022/07/14 9:56 a.m., 131 views

Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-35618

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a Denial of Service attack. Vulnerability Details CVEID: CVE-2020-36518 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused by a Java StackOverflow exception. By using a...

7.5 CVSS, 7.9 AI score, 0.00487 EPSS
Exploits: 1, Affected Software: 4

IBM Security Bulletins
added 2022/06/22 10:12 p.m., 55 views

Security Bulletin: IBM Spectrum LSF Suite and IBM Platform Process Manager are vulnerable to arbitrary code execution and denial of service due to Apache Log4j (CVE-2021-4104, CVE-2020-9488, CVE-2022-23302, CVE-2022-23307, CVE-2022-23305)

Summary Apache Log4j is used by IBM Spectrum LSF Suite and IBM Platform Process Manager as part of its logging infrastructure. These vulnerabilities can be addressed by executing steps detailed in the Workaround section. These issues will be addressed in the next fix patch release 10.2.0.13 by en...

9.8 CVSS, 1.4 AI score, 0.72202 EPSS
Exploits: 13, Affected Software: 2

NVD
added 2022/05/31 4:15 p.m., 10 views

CVE-2022-22361

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803,...

6.5 CVSS, 0.00077 EPSS
Exploits: 0, References: 2

OSV
added 2022/05/31 4:15 p.m., 1 views

CVE-2022-22361

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803,...

6.5 CVSS, 5.7 AI score, 0.00077 EPSS
Exploits: 0, References: 2

Prion
added 2022/05/31 4:15 p.m., 19 views

Cross-site request forgery (CSRF)

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803,...

4.3 CVSS, 6.7 AI score, 0.00077 EPSS
Exploits: 0, References: 2, Affected Software: 2

Cvelist
added 2022/05/31 3:45 p.m., 19 views

CVE-2022-22361

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803,...

4.3 CVSS, 6.7 AI score, 0.00077 EPSS
Exploits: 0, References: 2

CNNVD
added 2022/05/31 12:0 a.m., 1 views

IBM Business Process Manager and IBM Business Automation Workflow Cross-Site Request Forgery Vulnerability

IBM Business Process Manager BPM and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...

6.5 CVSS, 5.2 AI score, 0.00077 EPSS
Exploits: 0, References: 3

IBM Security Bulletins
added 2022/05/27 6:43 a.m., 37 views

Security Bulletin: Cross-Site Request Forgery vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2022-22361

Summary Process Admin Console in IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a Cross-Site Request Forgery attack. Vulnerability Details CVEID: CVE-2022-22361 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site request forgery which cou...

6.5 CVSS, 1.9 AI score, 0.00077 EPSS
Exploits: 0, Affected Software: 4

ATTACKERKB
added 2022/05/27 12:0 a.m., 3 views

CVE-2022-22361

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803,...

6.5 CVSS, 6 AI score, 0.00077 EPSS
Exploits: 0, References: 3, Affected Software: 2

OSV
added 2022/05/13 1:49 a.m., 23 views

GHSA-JJHJ-8GX7-X836 Incorrect Access Control in Phusion Passenger

An Incorrect Access Control vulnerability in SpawningKit in Phusion Passenger 5.3.x before 5.3.2 allows a Passenger-managed malicious application, upon spawning a child process, to report an arbitrary different PID back to Passenger's process manager. If the malicious application then generates a...

7.8 CVSS, 7.5 AI score, 0.00175 EPSS
Exploits: 0, References: 6

IBM Security Bulletins
added 2022/05/04 9:38 p.m., 35 views

Security Bulletin: Cross-site scripting vulnerabilities in jQuery may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-11022, CVE-2020-11023

Summary A copy of the open source library jQuery is shipped as part of the swagger-ui in IBM Business Process Manager and IBM Business Automation Workflow. Cross-Site scripting vulnerabilities have been reported for this library. Vulnerability Details CVEID: CVE-2020-11022 DESCRIPTION: jQuery is...

6.9 CVSS, 1 AI score, 0.34098 EPSS
Exploits: 11, Affected Software: 4

IBM Security Bulletins
added 2022/05/04 11:20 a.m., 50 views

Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-7656, CVE-2020-11022, CVE-2020-11023

Summary Cross Site Scripting vulnerabilities in jQuery might affect Process Portal in IBM Business Automation Workflow and IBM Business Process Manager BPM. Vulnerability Details CVEID: CVE-2020-7656 DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation of...

6.9 CVSS, 0.8 AI score, 0.34098 EPSS
Exploits: 14, Affected Software: 4

IBM Security Bulletins
added 2022/04/28 5:2 p.m., 30 views

Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2022-0155, CVE-2022-0536, CVE-2021-3749

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack. Vulnerability Details CVEID: CVE-2021-3749 DESCRIPTION: axios is vulnerable to a denial of service, caused by a regular expression denial of service ReDoS flaw in the trim...

8 CVSS, 1.2 AI score, 0.08894 EPSS
Exploits: 4, Affected Software: 1