Security Bulletin: Vulnerability in http2-common affects IBM Process Mining (Multiple CVEs)

Summary There is a vulnerability in http2-common that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2019-9517 DESCRIPTION: Multiple vendors...

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2020-27223,CVE-2021-28169)

Summary There is a vulnerability in Eclipse Jetty that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-27223 DESCRIPTION: Eclipse Jetty i...

Security Bulletin: Vulnerability in Node.js IS-SVG affects IBM Process Mining (CVE-2021-29059, CVE-2021-28092)

Summary There is a vulnerability in Node.js that could allow a local attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-29059 DESCRIPTION: Node.js IS-SVG...

Security Bulletin: Vulnerability in jQuery affects IBM Process Mining (Multiple CVEs)

Summary There are multiple vulnerabilities in JQuery that could allow an attacker to launch cross-site scripting. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2015-9251 DESCRIPTION: jQuer...

Security Bulletin: Vulnerability in d3-color affects IBM Process Mining . WS-2022-0322

Summary There is a vulnerability in d3-color that could allow an attacker to execute a DOS on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details IBM X-Force ID: 212233 DESCRIPTION: d3-color i...

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (CVE-2021-28165)

Summary There is a vulnerability in Eclipse Jetty that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-28165 DESCRIPTION: Eclipse Jetty i...

Security Bulletin: Vulnerability in bpmn affects IBM Process Mining . WS-2019-0208

Summary There is a vulnerability in bpmn that could allow a remote attacker to execute a malicious script due to XSS. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details IBM X-Force ID: 221062 DESCRIPTION...

Security Bulletin: IBM Process Mining is vulnerable to cross-site scripting due to Select2 CVE-2016-10744

Summary Select2 is used by IBM Process Mining. CVE-2016-10744. Vulnerability Details CVEID:CVE-2016-10744 DESCRIPTION: Select2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the rich selectlists. A remote attacker could exploit this vulnerability to...

Security Bulletin: Vulnerability in SnakeYAML affects IBM Process Mining . CVE-2022-38751

Summary There is a vulnerability in SnakeYAML that could allow a Denial Of Service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-38751 DESCRIPTION: SnakeYAML is vulnerable to a denia...

Security Bulletin: Vulnerability in Node.js affects IBM Process Mining (CVE-2019-5484)

Summary There is a vulnerability in Node.js that could allow a local attacker to launch a symlink attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2019-5484 DESCRIPTION: Node.js bower...

Security Bulletin: Vulnerability in Moment.js affects IBM Process Mining . CVE-2022-24785

Summary There is a vulnerability in Moment.js that could allow a path traversal. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-24785 DESCRIPTION: Moment.js could allow a remote attack...

Security Bulletin: Vulnerability in SnakeYAML affects IBM Process Mining . CVE-2022-25857

Summary There is a vulnerability in SnakeYAML that could allow a Denial Of Service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is...

Security Bulletin: Vulnerability in Axios affects IBM Process Mining . CVE-2022-1214

Summary There is a vulnerability in Axios that could allow a remote authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-1214...

Security Bulletin: Vulnerability in Axios affects IBM Process Mining . IBM X-Force ID: 232247

Summary There is a vulnerability in Axios that could allow a remote attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details IBM X-Force ID: 232247 DESCRIPTION: axios...

Security Bulletin: Vulnerability in Apache Tomcat affects IBM Process Mining (CVE-2022-23181)

Summary There is a vulnerability in Apache Tomcat that could allow an attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-23181...

Security Bulletin: Vulnerability in Node.js affects IBM Process Mining . CVE-2022-33987

Summary There is a vulnerability in Node.js that could allow a UNIX socket redirect, bypassing security restrictions . The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-33987 DESCRIPTION:...

Security Bulletin: Vulnerability in Eclipse Jetty affects IBM Process Mining (Multiple CVEs)

Summary There are multiple vulnerabilities in Eclipse Jetty that could allow an attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2021-34428...

Security Bulletin: Vulnerability in jackson-databind affects IBM Process Mining (Multiple CVEs)

Summary There is a vulnerability in jackson-databind that could allow a local attacker to launch a symlink attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2020-36182 DESCRIPTION:...

Security Bulletin: Vulnerability in Lodash affects IBM Process Mining (Multiple CVEs)

Summary There is a vulnerability in Lodash that could allow an attacker to launch a DOS attack. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2019-1010266 DESCRIPTION: Lodash is vulnerable...

Security Bulletin: Vulnerability in Spring Framework affects IBM Process Mining and could allow a local attacker to execute arbitrary code on the system (CVE-2022-22965)

Summary There is a vulnerability in Spring Framework that could allow a local attacker to execute arbitrary code on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. The product is in an affected but not vulnerab...