Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary The Lucene library used in IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a Denial of Service attack. Vulnerability Details Third Party Entry: 216835 DESCRIPTION: Apache Lucene is vulnerable to a denial of service. By sending a specific regular...

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-38893

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a cross-site scripting attack. Vulnerability Details CVEID: CVE-2021-38966 DESCRIPTION: IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed...

Researchers Uncover New Android Spyware With C2 Server Linked to Turla Hackers

An Android spyware application has been spotted masquerading as a "Process Manager" service to stealthily siphon sensitive information stored in the infected devices. Interestingly, the app — that has the package name "com.remote.app" — establishes contact with a remote command-and-control server...

IBM Business Automation Workflow and Business Process Manager Information Disclosure Vulnerability

IBM Business Automation Workflow is a suite of workflow automation solutions from IBM USA. The product is mainly used for workflow management, compliance management, and features workflow visibility and scalability. An information disclosure vulnerability exists in IBM Business Automation Workflo...

CVE-2021-39046

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346...

CVE-2021-39046

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346...

Code injection

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346...

CVE-2021-39046

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346...

IBM Business Automation Workflow信息泄露漏洞

IBM Business Automation Workflow is a suite of workflow automation solutions from IBM USA. The product is mainly used for workflow management, compliance management, and features workflow visibility and scalability. An information disclosure vulnerability exists in IBM Business Automation Workflo...

Security Bulletin: Information disclosure vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-CVE-2021-39046

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack. Vulnerability Details CVEID: CVE-2021-39046 DESCRIPTION: IBM Business Automation Workflow stores user credentials in plain clear text which can be read by a lprivileged...

Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-38893

Summary Process Admin Console in IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to a Cross-Site Scripting attack. Vulnerability Details CVEID: CVE-2021-38893 DESCRIPTION: IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20....

Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-38900

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a information disclosure attack, potentially revealing sensitive information to an administrator. Vulnerability Details CVEID: CVE-2021-38900 DESCRIPTION: IBM Business Process Manager 8.5 and 8.6 and IBM...

Security Bulletin: Vulnerabilities in Node.js affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-22960, CVE-2021-22959

Summary Configuration Editor in IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a HTTP request smuggling attack. Vulnerability Details CVEID: CVE-2021-22960 DESCRIPTION: Node.js is vulnerable to HTTP request smuggling, caused by an error when parsing the body o...

Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4516

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a cross-site scripting attack. Vulnerability Details CVEID: CVE-2020-4516 DESCRIPTION: IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to cross-site scripting. This...

CVE-2021-38893

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2021-38893

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2021-38900

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607...

CVE-2021-38900

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607...

Cross site scripting

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2021-38900

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607...