EUVD-2014-4677

Malware in sbrugna...

Security Bulletin: Security vulnerability in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-14919)

Summary Security vulnerability has been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2017-14919 DESCRIPTION: Node.js is vulnerable to a...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor (CVE-2017-3737 CVE-2017-3738)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2017-3737 DESCRIPTION: OpenSSL could allow a remo...

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Digital Business Automation Workflow family products (Java CPU April 2018)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process...

Security Bulletin: A CVE-2021-37714 vulnerability in jsoup affects IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

Summary A vulnerabilitiy exists in jsoup used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2021-37714 DESCRIPTION: jsoup is vulnerable to a denial of service, caused by improper input validation. By sending ...

Security Bulletin: Security vulnerabilities in Dojo and jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for Dojo and jQuery version shipped with IBM Business Automation Workflow and IBM BPM. Vulnerability Details CVEID:CVE-2018-15494 DESCRIPTION: Dojo Toolkit is vulnerable to cross-site scripting, caused by improper validation of user-supplied inp...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID:CVE-2019-15606 DESCRIPTION: Node.js cou...

Security Bulletin: XML External Entity Injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4424)

Summary An XML External Entity Injection vulnerability in IBM Business Automation Workflow and IBM BPM has been found. Vulnerability Details CVEID: CVE-2019-4424 DESCRIPTION: IBM Business Automation Workflow is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A...

Security Bulletin: Blind SQL injection vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (CVE-2018-1674)

Summary IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to blind SQL injection due to insufficient validation of user-provided input in an API. Vulnerability Details CVEID: CVE-2018-1674 DESCRIPTION: IBM Business Process Manager is vulnerable to SQL injection. A...

Security Bulletin: Cross-site scripting in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4204)

Summary A cross-site scripting vulnerability in IBM Business Automation Workflow and IBM BPM has been found. Vulnerability Details CVEID: CVE-2019-4204 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScrip...

Security Bulletin: Reverse tabnabbing vulnerability in IBM Business Automation Workflow and IBM Business Process Manager (BPM) (CVE-2019-4425)

Summary A reverse tabnabbing vulnerability in IBM Business Automation Workflow and IBM BPM has been found. Vulnerability Details CVEID: CVE-2019-4425 DESCRIPTION: IBM Business Automation Workflow could allow a user to obtain highly sensitive information from another user by inserting links that...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js. Vulnerability Details CVEID:CVE-2021-44531 DESCRIPTION: Node.js cou...

Sql injection

IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109...

Security Bulletin: A security vulnerability has been identified in WebSphere Application Server shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise (CVE-2016-8934)

Summary There is a security vulnerability in WebSphere Application Server, IBM Business Process Manager, and IBM Tivoli System Automation Application Manager that is shipped with IBM Cloud Orchestrator and Cloud Orchestrator Enterprise. Additionally, the vulnerability affects Jazz™ for Service...

Security Bulletin: Cross-Site Scripting vulnerability affects IBM Process Designer used in IBM Business Process Manager (CVE-2017-1494)

Summary IBM Process Designer used in IBM Business Process Manager is vulnerable to Cross-Site Scripting. Vulnerability Details CVEID: CVE-2017-1494 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code i...

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager (BPM), WebSphere Process Server (WPS), WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition (WLE) (Java CPU July 2017)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the optional BPM component Process Federati...

Security Bulletin: XML External Entity (XXE) injection vulnerability affects IBM Business Process Manager (CVE-2017-1527)

Summary IBM Business Process Manager BPM can process XML messages, including messages from untrusted sources. Because of insufficient restriction of an XML parser, XML External Entity injection allows an authenticated remote attacker to send specially crafted XML messages and thus cause a denial ...

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor

Summary Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Process Manager includes a stand-alone tool for editing configuration properties files that is based IBM SDK for Node.js. Vulnerability Details CVEID: CVE-2017-1000381 DESCRIPTION: c-ares could allow a remot...

Security Bulletin: HTML injection vulnerability in IBM Business Process Manager (BPM) - CVE-2017-1424

Summary IBM BPM allows users to interact with one another without fully removing HTML markup. This might allow controlling parts of the user interface, possibly script injection. Vulnerability Details CVEID: CVE-2017-1424 DESCRIPTION: IBM Business Process Manager is vulnerable to cross-site...

Security Bulletin: Potential information leakage during process app export in IBM Business Process Manager (CVE-2017-1346)

Summary IBM Business Proccess Manager temporarily stores files in an usually shared directory during offline installs and thus might leak sensitive information stored in the files. Vulnerability Details CVEID: CVE-2017-1346 DESCRIPTION: IBM Business Process Manager temporarily stores files in a...