Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remot...

Security Bulletin: Cross-site scripting vulnerability in IBM Business Process Manager (BPM) - CVE-2017-1425

Summary IBM BPM reflects untrusted user input without fully removing HTML markup. This might allow controlling parts of the user interface, possibly script injection. Vulnerability Details CVEID: CVE-2017-1425 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition (CVE-2017-1381)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federati...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition (CVE-2017-1382)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federati...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition (CVE-2017-1380)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federati...

Security Bulletin: HTML injection vulnerability in IBM Business Process Manager (BPM) - CVE-2017-1424

Summary IBM BPM allows users to interact with one another without fully removing HTML markup. This might allow controlling parts of the user interface, possibly script injection. Vulnerability Details CVEID: CVE-2017-1424 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site...

Security Bulletin: Potential information leakage during process app export in IBM Business Process Manager (CVE-2017-1346)

Summary IBM Business Proccess Manager temporarily stores files in an usually shared directory during offline installs and thus might leak sensitive information stored in the files. Vulnerability Details CVEID: CVE-2017-1346 DESCRIPTION: IBM Business Process Manager temporarily stores files in a...

Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Process Designer used in IBM Business Process Manager and WebSphere Lombardi Edition

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is used by IBM Process Designer in IBM Business Process Manager and WebSphere Lombardi Edition. These issues were disclosed as part of the IBM Java SDK updates in January 2017. Vulnerability Details CVEID:...

Security Bulletin: Open redirect vulnerability in IBM Business Process Manager (CVE-2017-1159)

Summary IBM Business Process Manager is vulnerable to open redirects, caused by improper validation of user-supplied input. Vulnerability Details CVEID: CVE-2017-1159 DESCRIPTION: IBM Business Process Manager could allow a remote attacker to conduct phishing attacks, using an open redirect attack...

Security Bulletin: A security vulnerability in WebSphere Application Server might affect IBM Business Process Manager (BPM), WebSphere Process Server (WPS) and WebSphere Lombardi Edition (WLE) (CVE-2016-0360)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, and WebSphere Lombardi Edition. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin...

Security Bulletin: A security vulnerability in WebSphere Application Server might affect IBM Business Process Manager (CVE-2017-1151)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager BPM. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. The affected component is only available in case option...

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager (BPM), WebSphere Process Server (WPS) and WebSphere Lombardi Edition (WLE) (Java CPU January 2017)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server. Information about...

Security Bulletin: Persistent cross-site scripting vulnerability in IBM Business Process Manager (CVE-2017-1140)

Summary IBM Business Proccess Manager is vulnerable to persistent cross-site scripting, caused by improper neutralization of user-supplied input. Vulnerability Details CVEID: CVE-2017-1140 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows...

Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2017-1121)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, and WebSphere Lombardi Edition. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability...

Security Bulletin: Malicious File Download vulnerability in IBM Business Process Manager (BPM) and WebSphere Lombardi Edition (WLE) - CVE-2016-9693

Summary A comma separated file CSV download feature exists in IBM BPM and WLE and is available for anonymous users. An attacker can craft a URL that can trigger a download of attacker-supplied content under an attacker-supplied file name onto the victim's machine. Vulnerability Details CVEID:...

Security Bulletin: IBM Business Process Manager (BPM) document store is affected by clickjacking vulnerability in administrative tool for BPM document store (CVE-2013-5462)

Summary A clickjacking vulnerability has been reported for the administrative tool ACCE of the embedded component used by IBM BPM document store. Vulnerability Details CVEID: CVE-2013-5462 DESCRIPTION: The IBM Content Navigator application URL can be opened within a frame in a Web page. In this...

Security Bulletin: Cross Site Scripting vulnerability in IBM Business Process Manager (BPM) (CVE-2016-6109)

Summary IBM BPM is vulnerable to cross-site scripting, caused by improper neutralization of user-supplied input in some error situations. Vulnerability Details CVEID: CVE-2016-6109 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to...

Security Bulletin: A Security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (CVE-2016-8919)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, and WebSphere Lombardi Edition. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability...

Security Bulletin: Cross Site Scripting vulnerability in responsive coach view of IBM Business Process Manager (CVE-2016-9731)

Summary One of the responsive coach views that can be used by customers to build responsive web forms that interact with business processes is vulnerable to cross site scripting. Vulnerability Details CVEID: CVE-2016-9731 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2016-6304 DESCRIPTION: OpenSSL is vulnerable to a...