662 matches found
Security Bulletin: Due to the use of hibernate-core. IBM webMethods BPM is vulnerable to a second-order SQL injection
Summary IBM webMethods BPM tool is dependant on hibernate-core which is affected by known vulnerability - CVE-2026-0603. Vulnerability Details CVEID:CVE-2026-0603 DESCRIPTION: A flaw was found in Hibernate. A remote attacker with low privileges could exploit a second-order SQL injection...
CVE-2026-3207
Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...
EUVD-2026-12625
Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...
CVE-2026-3207
Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...
CVE-2026-3207 TIBCO BPM Enterprise Remote Code Execution (RCE) Vulnerability
Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...
CVE-2026-3207 TIBCO BPM Enterprise Remote Code Execution (RCE) Vulnerability
Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...
CVE-2026-3207
Configuration issue in Java Management Extensions JMX in TIBCO BPM Enterprise version 4.x allows unauthorised access...
CVE-2026-3207
Technical details for CVE-2026-3207 are not publicly available in the provided documents. Monitor for updates to learn affected products/versions, impact, and remediation.
TIBCO BPM Enterprise 安全漏洞
TIBCO BPM Enterprise is a business process management platform developed by TIBCO Corporation in the United States. This platform enables companies to drive digital transformation by making better decisions and taking faster, more informed actions. Version 4.x of TIBCO BPM Enterprise contains a...
Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to jetty-server
Summary IBM webMethods BPM uses jetty-server as a transitive dependency brought in by the WebMethods Integration Server is-server dependency. The Integration Server runtime uses Jetty internally for its web server infrastructure. Vulnerability Details CVEID:CVE-2024-8184 DESCRIPTION: There exists...
Security Bulletin: IBM webMethods BPM is vulnerable to Out-of-bounds memory operations in org.lz4:lz4-java.
Summary IBM webMethods BPM uses lz4-java which is pulled in automatically as a dependency of webmethods event streaming library. Vulnerability Details CVEID:CVE-2025-12183 DESCRIPTION: Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to kafka-clients
Summary IBM webMethods BPM uses kafka-clients.jar which is pulled in automatically as a dependency of webmethods event streaming library, Kafka-clients.jar provides Apache Kafka client APIs for producing and consuming messages. Vulnerability Details CVEID:CVE-2022-34917 DESCRIPTION: A security...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to bc-fips
Summary IBM webMethods BPM uses bc-fips which is pulled in by webMethods Integration Server core for FIPS-compliant cryptographic operations. The BPM Process Engine relies on IS infrastructure for security but doesn't directly use Bouncy Castle APIs. Vulnerability Details CVEID:CVE-2025-8885...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to log4j-core
Summary IBM webMethods BPM uses log4j-core for process instance-specific logging in the BPM Process Engine, creating individual log files for each process instance to track execution details, errors, and debugging information separately from the general system logs. Vulnerability Details...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to kotlin-stdlib
Summary IBM webMethods BPM uses kotlin-stdlib in all Kotlin-based modules to provide core Kotlin language support and runtime utilities. Vulnerability Details CVEID:CVE-2020-29582 DESCRIPTION: In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder creation...
Security Bulletin: IBM webMethods BPM is vulnerable to a denial of service due to snappy-java
Summary IBM webMethods BPM uses snappy-java which is automatically pulled in by kafka-clients as a compression codec dependency. The project doesn't directly use Snappy; it's used internally by Kafka for efficient message compression when streaming events through webmethods's event streaming...
Security Bulletin: Due to use of apache.felix.webconsole, IBM webMethods BPM is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability
Summary IBM webMethods BPM is using apache.felix.webconsole. Vulnerability Details CVEID:CVE-2025-25247 DESCRIPTION: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache Felix Webconsole. This issue affects Apache Felix Webconsole 4.x up to...
Oracle Business Process Management Suite (14.1.2.0.0) (January 2026 CPU)
The version of Oracle Business Process Management Suite installed on the remote host is affected by a vulnerability, as referenced in the January 2026 CPU advisory: - Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Composer Apache Commo...
CVE-2025-67278
An issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP request...