Security Bulletin: Denial of Service vulnerability affect IBM Business Automation Workflow Event Emitters - CVE-2023-51074

Summary IBM Business Automation Workflow Event Emitters are vulnerable to a Denial of Service attack. Vulnerability Details CVEID:CVE-2023-51074 DESCRIPTION: json-path is vulnerable to a denial of service, caused by a stack-based buffer overflow in the Criteria.parse method. By sending a speciall...

Security Bulletin: Denial of service vulnerability affects IBM Business Automation Workflow Event Emitters - CVE-2023-43642

Summary IBM Business Automation Workflow Event Emitters package a copy of snappy with a known vulnerability. Vulnerability Details CVEID:CVE-2023-43642 DESCRIPTION: snappy-java is vulnerable to a denial of service, caused by missing upper bound check on chunk length. By sending a specially crafte...

Security Bulletin: Deserialization vulnerability affect IBM Business Automation Workflow BPM Event Emitters - CVE-2022-1471

Summary A vulnerable copy of snakeyaml is packaged with BPMEventEmitters and CaseEventEmitters in IBM Business Automation Workflow. Vulnerability Details CVEID:CVE-2022-1471 DESCRIPTION: SnakeYaml could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an...