CVE-2021-38893

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2021-38893

CVE-2021-38893 affects IBM BPM 8.5/8.6 and IBM Business Automation Workflow 18.0–21.0, with a stored Cross‑Site Scripting (XSS) in the Web UI that could lead to credentials disclosure in a trusted session. Connected IBM advisories confirm affected products/versions and provide remediation guidanc...

CVE-2021-38883

IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2021-38883

IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

Cross site scripting

IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

CVE-2021-38883

CVE-2021-38883 affects IBM Business Automation Workflow (versions 18.0.0.x, 19.0.0.x, 20.0.0.x, 21.0.x) and IBM Business Process Manager (8.5.x, 8.6.x). Root cause: cross-site scripting via the Web UI due to lack of sufficient data validation/filtering of user-supplied data during the file upload...

CVE-2021-38883

IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...

Security Bulletin: Cross Site Scripting when uploading a file might affect IBM Business Automation Workflow - CVE-2021-38883

Summary IBM Business Automation Workflow may be vulnerable to a cross site scripting attack when uploading a file. Vulnerability Details CVEID: CVE-2021-38883 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Process Manager

Summary There are multiple vulnerabilities in IBM®Runtime Environment Java™Version 8 used by IBM Spectrum LSF Process Manager. IBM Spectrum LSF Process Manager has addressed the applicable CVEs. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

CVE-2021-29753

IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

Authentication flaw

IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

CVE-2021-29753

IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval...

CVE-2021-29753

CVE-2021-29753 affects IBM Cloud Pak for Automation and IBM BPM. Affected: IBM Cloud Pak for Automation (V18.0–V21.0) with BPM V8.5–V8.6. Description: the products “transmit or store authentication credentials” using an insecure method, enabling potential unauthorized interception and retrieval o...

Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-29753

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to an information disclosure attack. Vulnerability Details CVEID: CVE-2021-29753 DESCRIPTION: IBM Business Automation Workflow transmits or stores authentication credentials, but it uses an insecure method th...

DEBIAN-CVE-2021-21703

In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the...

Security Bulletin: Cross-Site scripting vulnerability affect IBM Business Automation Workflow - CVE-2021-29835

Summary IBM Business Automation Workflow are vulnerable to a Cross Site Scripting attack. Vulnerability Details CVEID: CVE-2021-29835 DESCRIPTION: IBM Business Automation Workflow and IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed...

IBM Business Process Manager和IBM Business Automation Workflow 跨站脚本漏洞

IBM Business Automation Workflow is a workflow automation solution. The product is mainly used for workflow management, compliance management, and has features such as workflow visibility and scalability. IBM Business Automation Workflow has a cross-site scripting vulnerability that can be...

PHP 缓冲区错误漏洞

PHP is a scripting language that executes on the server side. PHP suffers from a buffer error vulnerability that could allow an attacker to bypass PHP's access restrictions via FPM in order to read or alter data...

CVE-2021-29834

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI...

Cross site scripting

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI...