Security Bulletin: Multiple security vulnerabilities have been identified in IBM WebSphere Application Server Liberty shipped with IBM Digital Business Automation Workflow family products (CVE-2021-33517, CVE-2021-36090)

Summary WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow and IBM Business Process Manager. Information about security vulnerabilities affecting I...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server traditional and Liberty profile shipped with IBM Digital Business Automation Workflow family products (CVE-2020-5258)

Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. WebSphere Application Server Liberty profile is shipped as a component of IBM Business Automation Workflow and IBM...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2021-4104, CVE-2021-45046)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and WebSphere Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a securi...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server traditional and Liberty profile shipped with IBM Digital Business Automation Workflow family products (CVE-2021-26296)

Summary WebSphere Application Server traditional is shipped as a component of IBM Business Automation Workflow, and IBM Business Process Manager. WebSphere Application Server Liberty profile is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager. Informatio...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server Liberty profile shipped with IBM Digital Business Automation Workflow family products (CVE-2020-4590)

Summary WebSphere Application Server Liberty profile is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty profile have been published in a security bulletin...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-1794)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, and IBM Business Process Manager Enterprise Service Bus. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been...

Security Bulletin: XML External Entity Injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4424)

Summary An XML External Entity Injection vulnerability in IBM Business Automation Workflow and IBM BPM has been found. Vulnerability Details CVEID: CVE-2019-4424 DESCRIPTION: IBM Business Automation Workflow is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Digital Business Automation Workflow family products (CVE-2019-12406)

Summary WebSphere Application Server Liberty is shipped as part of the optional components Process Federation Server since 8.5.6, and User Management Service since 18.0.0.1 in IBM Business Automation Workflow and IBM Business Process Manager. Information about a security vulnerability affecting I...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-1926)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-1797)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the...

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (Java CPU April 2019)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process...

Security Bulletin: A security vulnerability in FileNet Content Management Interoperability Services (CMIS) might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2018-1364)

Summary An XML external entity security vulnerability has been reported for FileNet Content Management Interoperability Services CMIS shipped with IBM Business Automation Workflow and IBM BPM. Vulnerability Details CVEID: CVE-2018-1364 DESCRIPTION: IBM Content Navigator 2.0 and 3.0 is vulnerable ...

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (Java CPU October 2018)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the...

Security Bulletin: Reverse tabnabbing vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4425)

Summary A reverse tabnabbing vulnerability in IBM Business Automation Workflow and IBM BPM has been found. Vulnerability Details CVEID: CVE-2019-4425 DESCRIPTION: IBM Business Automation Workflow could allow a user to obtain highly sensitive information from another user by inserting links that...

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2019-4505)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details...

Security Bulletin: Information leakage in IBM Business Automation Workflow (CVE-2018-1999)

Summary An information leakage vulnerability in IBM Business Automation Workflow has been found. Vulnerability Details CVEID: CVE-2018-1999 DESCRIPTION: IBM Business Process Manager could reveal sensitive version information about the server from error pages that could aid an attacker in further...

Security Bulletin: Denial of service vulnerability in IBM Business Automation Workflow (CVE-2018-1997)

Summary A denial of service vulnerability has been found in IBM Business Automation Workflow. Vulnerability Details CVEID: CVE-2018-1997 DESCRIPTION: IBM Business Automation Workflow and Business Process Manager are vulnerable to a denial of service attack. An authenticated attacker might send a...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with IBM Digital Business Automation Workflow family products (CVE-2019-4663)

Summary WebSphere Application Server Liberty is shipped as a component of IBM Business Automation Workflow and IBM Business Process Manager Process Federation Server since 8.5.6 and User Management Service since 18.0.0.1. Information about a security vulnerability affecting IBM WebSphere...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (CVE-2018-10237)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, and IBM Business Process Manager. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federation Server and User Management Service. Information abo...

Security Bulletin: Cross-site request forgery vulnerability in IBM Business Automation Workflow (CVE-2018-2000)

Summary A Cross-site request forgery vulnerability has been found in IBM Business Automation Workflow. Vulnerability Details CVEID: CVE-2018-2000 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthoriz...