CVE-2021-29834

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2021-22918 DESCRIPTION: Node.js is...

Security Bulletin: Multiple vulnerabilities may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) offline documentation

Summary IBM Business Process Manager and IBM Business Automation Workflow offline documentation packages open source libraries with known vulnerabilities. Do not install offline documentation and remove existing installations with the fix provided below. Vulnerability Details CVEID: CVE-2021-2335...

IBM Business Process Manager和IBM Business Automation Workflow 跨站脚本漏洞

IBM Business Process Manager BPM and IBM Business Automation Workflow are both products of IBM Corporation, U.S.A. IBM Business Process Manager is a comprehensive business process management platform. The platform provides a series of related tools for business process modeling, assembly,...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Process Manager

Summary There are multiple vulnerabilities in IBM®Runtime Environment Java™Version 8 used by IBM Spectrum LSF Process Manager. IBM Spectrum LSF Process Manager has addressed the applicable CVEs. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

IBM Business Automation Workflow and IBM Business Process Manager Access Control Error Vulnerability

IBM Business Automation Workflow is a suite of workflow automation solutions.IBM Business Process Manager is a comprehensive business process management platform. An access control error vulnerability exists in IBM Business Automation Workflow and IBM Business Process Manager, which arises from t...

IBM Business Process Manager and IBM Cloud Pak for Automation Cross-Site Scripting Vulnerability

IBM Business Process Manager BPM is a comprehensive business process management platform from IBM, U.S.A. IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM, U.S.A. IBM Cloud Pak for Automation is an intelligent...

CVE-2021-29751

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779...

CVE-2021-29751

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779...

Code injection

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779...

CVE-2021-29751

IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779...

CVE-2021-29751

IBM Business Automation Workflow 18.0, 19.0, 20.0 and IBM Business Process Manager 8.5, 8.6 are affected by an access control error that could allow an authenticated user to obtain sensitive information about another user in non-default configurations. Root cause described across connected source...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2021-3450 DESCRIPTION: OpenSSL cou...

Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow are vulnerable to a Cross-Site Scripting attack. Vulnerability Details CVEID: CVE-2021-29775 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI...

Security Bulletin: Incorrect authorization in IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary IBM Business Process Manager and IBM Business Automation Workflow allow an authenticated user to obtain sensitive information about another user. Vulnerability Details CVEID: CVE-2021-29751 DESCRIPTION: IBM Business Automation Workflow could allow an authenticated user to obtain sensitive...

IBM Business Process Manager 跨站脚本漏洞

IBM Business Process Manager BPM is a comprehensive business process management platform from IBM, U.S.A. IBM Cloud Pak for Automation is an intelligent software platform for building automation applications in cloud environments from IBM, U.S.A. IBM Cloud Pak for Automation is an intelligent...

IBM Business Process Manager和IBM Business Automation Workflow 访问控制错误漏洞

IBM Business Automation Workflow is a suite of workflow automation solutions.IBM Business Process Manager is a comprehensive business process management platform. An access control error vulnerability exists in IBM Business Automation Workflow and IBM Business Process Manager, which arises from t...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Spectrum LSF Process Manager

Summary There are multiple vulnerabilities in IBM®Runtime Environment Java™Version 8 used by IBM Spectrum LSF Process Manager. IBM Spectrum LSF Process Manager has addressed the applicable CVEs. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...

Security Bulletin: XML External Entity Injection vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-20482

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a XML External Entity Injection attack. Vulnerability Details CVEID: CVE-2021-20482 DESCRIPTION: IBM Business Automation Workflow is vulnerable to an XML External Entity Injection XXE attack when processin...

Security Bulletin: Multiple vulnerabilities in node.js may affect configuration editor used in IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-1971, CVE-2020-8265, CVE-2020-8287

Summary Security vulnerabilities have been reported for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2020-1971 DESCRIPTION: OpenSSL is vulnerable t...