15 matches found
MAL-2025-9808 Malicious code in @zalastax/nolb-_baw (npm)
The package @zalastax/nolb-baw was found to contain malicious code...
Security Bulletin: Information disclosure vulnerability affect IBM Business Automation Workflow - CVE-2023-50959
Summary: IBM Business Automation Workflow is vulnerable to an information disclosure attack. Vulnerability Details: CVEID: CVE-2023-50959. DESCRIPTION: IBM Business Automation Workflow may allow end users to query more documents than expected from a connected Enterprise Content Management system when...
baw-auto.com.tw Cross Site Scripting vulnerability OBB-2881627
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Improper access control
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607...
CVE-2021-38900
CVE-2021-38900 affects IBM BPM 8.5/8.6 and IBM BAW 18.0–21.0, where improper access controls could allow a privileged user to obtain highly sensitive information. Public sources (IBM Security Bulletin, IBM support pages, and related advisories) detail affected product versions within IBM Cloud Pa...
CVE-2021-29753
IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmit or store authentication credentials, but use an insecure method that is susceptible to unauthorized interception and/or retrieval...
CVE-2021-29834
The CVE-2021-29834 entry concerns a stored cross-site scripting (XSS) vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM). According to IBM’s Security Bulletin, the affected versions are IBM Business Automation Workflow: V18.0, 19.0, 20.0, 21.0.2 and V20.0.2 p...
CVE-2021-29775
IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to...
CVE-2020-4672
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285...
CVE-2020-4490
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID:...
CVE-2020-4446
CVE-2020-4446 affects IBM Business Process Manager (BPM) versions 8.0, 8.5, and 8.6 and IBM Business Automation Workflow (BAW) versions 18.0 and 19.0. The root cause is insufficient authorization checks, enabling a remote attacker to bypass security restrictions. Public details from the connected...
CVE-2019-4669
CVE-2019-4669 affects IBM BPM/Business Automation Workflow: IBM Business Process Manager 8.5.7.0 (and 8.5.7.0 2017.06), 8.6.0.0 (and 8.6.0.0 CF2018.03), and IBM Business Automation Workflow 18.0.0.1–19.0.0.3 are vulnerable to SQL injection. A remote attacker could send crafted SQL to view, add, m...
Design/Logic Flaw
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889...
CVE-2019-4045
CVE-2019-4045 affects IBM Business Automation Workflow and IBM Business Process Manager, specifically versions 18.0.0.0–18.0.0.2 (and various BPM CF/iFix ranges). The root cause is a missing restriction in an API that allows a client to spoof the last-modified-by value of a document within th...
CVE-2019-4045
IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241...