
21 matches found

RedhatCVE
added 2025/11/07 2:51 p.m., 2 views

CVE-2025-36054

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This...

6.1 CVSS | 6.5 AI score | 0.00072 EPSS
Exploits 0 | References 1

OSV
added 2025/11/06 3:15 p.m., 1 views

CVE-2025-36054

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This...

6.1 CVSS | 5.4 AI score
Exploits 0 | References 1

Vulnrichment
added 2025/11/06 2:11 p.m., 1 views

CVE-2025-36054 Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server -

IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site scripting. This...

6.1 CVSS | 6.1 AI score | 0.00072 EPSS
Exploits 0 | References 1

CVE
added 2025/11/06 2:11 p.m., 9 views

CVE-2025-36054

IBM Business Automation Workflow containers (versions 24.0.0-IF006 to 24.0.0, 24.0.1-IF004, 25.0.0-IF001) and the traditional with Process Federation Server (24.0.0 to 24.0.1, 25.0.0) are affected by a cross-site scripting (CWE-79) vulnerability (CVE-2025-36054). An unauthenticated attacker can i...

6.1 CVSS | 6.1 AI score | 0.00072 EPSS
Exploits 0 | References 1 | Affected Software 2

IBM Security Bulletins
added 2025/11/06 10:20 a.m., 2 views

Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow Process Federation Server - CVE-2025-36054

Summary IBM Business Automation Workflow Process Federation Server is vulnerable to a Cross-site scripting attack. Vulnerability Details CVEID:CVE-2025-36054 DESCRIPTION: IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker...

6.1 CVSS | 5.9 AI score | 0.00072 EPSS
Exploits 0 | Affected Software 2

CNNVD
added 2025/11/06 12:0 a.m., 1 views

IBM Business Automation Workflow containers and IBM Business Automation Workflow traditional with Process Federation Server cross-site scripting vulnerability

IBM Business Automation Workflow containers and IBM Business Automation Workflow traditional with Process Federation Server are both enterprise process automation platform suites from International Business Machines (IBM). A cross-site scripting vulnerability...

6.1 CVSS | 6.2 AI score | 0.00072 EPSS
Exploits 0 | References 1

EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2020-25572

Malware in sbrugna...

6.5 CVSS | 6.6 AI score | 0.00376 EPSS
Exploits 0 | References 3

IBM Security Bulletins
added 2022/12/06 3:13 p.m., 30 views

Security Bulletin: Denial of Service vulnerabilities affect IBM Business Automation Workflow - optional Process Federation Server component (CVE-2022-42003, CVE-2022-42004)

Summary Optional component Process Federation Server in IBM Business Automation Workflow is affected by Denial of Service vulnerabilities reported for jackson-databind. Vulnerability Details CVEID:CVE-2022-42003 DESCRIPTION: FasterXML jackson-databind is vulnerable to a denial of service, caused ...

7.5 CVSS | 7.7 AI score | 0.00317 EPSS
Exploits 3 | Affected Software 1

IBM Security Bulletins
added 2022/09/15 7:21 p.m., 31 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server Liberty shipped with the optional IBM Business Process Manager component Process Federation Server (CVE-2017-1788)

Summary WebSphere Application Server Liberty is shipped as a component of the optional IBM Business Process Manager component Process Federation Server. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty have been published in a security bulletin...

5.3 CVSS | 5.4 AI score | 0.00201 EPSS
Exploits 0 | Affected Software 4

IBM Security Bulletins
added 2022/09/14 3:2 p.m., 23 views

Security Bulletin: Multiple vulnerabilities have been identified in IBM WebSphere Application Server shipped with IBM Digital Business Automation Workflow family products (Java CPU June 2018)

Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow, IBM Business Process Manager, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. WebSphere Application Server Liberty is shipped as a component of the...

7.1 AI score | 0.00297 EPSS
Exploits 0 | Affected Software 9

IBM Security Bulletins
added 2022/09/06 4:18 p.m., 31 views

Security Bulletin: Spoofing vulnerability affect IBM Business Automation Workflow - Process Federation Server component - CVE-2018-25013

Summary Process Federation Server shipped with IBM Business Automation Workflow are vulnerable to a Spoofing attack. Vulnerability Details CVEID:CVE-2018-25031 DESCRIPTION: swagger-ui could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a specially-crafted URL...

9.1 CVSS | 7.1 AI score | 0.8042 EPSS
Exploits 4 | Affected Software 1

IBM Security Bulletins
added 2021/12/17 3:43 p.m., 113 views

Security Bulletin: Apache Log4j vulnerability affects IBM Business Automation Workflow (CVE-2021-44228)

Summary Process Federation Server PFS, shipped with IBM Business Automation Workflow BAW, is vulnerable to a vulnerability caused by log4j. The vulnerability is included in the ElasticSearch client library used by PFS. The ElasticSearch vulnerable library was also shipped in offline documentation...

10 CVSS | 0.8 AI score | 0.94358 EPSS
Exploits 341 | Affected Software 4

CNVD
added 2020/12/23 12:0 a.m., 1 views

Multiple IBM Products Licensing Issues Vulnerabilities

IBM Business Process Manager BPM and so on are products of IBM Corporation in the U.S. IBM Business Process Manager is a set of integrated business process management platform. IBM Business Automation Workflow is a set of workflow automation solutions. IBM Process Federation Server Component is an...

5.5 CVSS | 6.4 AI score | 0.00128 EPSS
Exploits 0 | References 1

IBM Security Bulletins
added 2020/12/18 7:4 a.m., 23 views

Security Bulletin: Information disclosure and Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-4794

Summary The optional component Process Federation Server that is shipped with IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to an information disclosure and denial of service attack. Vulnerability Details CVEID: CVE-2020-4794 DESCRIPTION: IBM Process Federation...

5.5 CVSS | 0.8 AI score | 0.00128 EPSS
Exploits 0 | Affected Software 4

NVD
added 2020/04/02 3:15 p.m., 12 views

CVE-2020-4325

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the...

6.5 CVSS | 6.1 AI score | 0.00376 EPSS
Exploits 0 | References 2

Prion
added 2020/04/02 3:15 p.m., 9 views

Design/Logic Flaw

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the...

4 CVSS | 6.1 AI score | 0.00376 EPSS
Exploits 0 | References 2 | Affected Software 2

Cvelist
added 2020/04/02 2:20 p.m., 9 views

CVE-2020-4325

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the...

6.5 CVSS | 6.1 AI score | 0.00376 EPSS
Exploits 0 | References 2

CVE
added 2020/04/02 2:20 p.m., 44 views

CVE-2020-4325

CVE-2020-4325 affects IBM Process Federation Server and IBM Automation Workstream Services in Cloud Pak for Automation. The root cause is improper shutdown of thread pools used to retrieve Global Teams information, causing JVM memory to be unrecoverable and leading to OutOfMemory errors when the ...

6.5 CVSS | 6 AI score | 0.00376 EPSS
Exploits 0 | References 2 | Affected Software 2

IBM Security Bulletins
added 2020/04/01 9:2 a.m., 22 views

Security Bulletin: IBM Process Federation Server REST API is subject to DoS attacks

Summary IBM Process Federation Server Global Teams REST API does not properly shut down the thread pools that it creates, leading to OutOfMemory exceptions, and could be targeted by DoS attacks. Vulnerability Details CVEID: CVE-2020-4325 DESCRIPTION: The IBM Process Federation Server Global Teams...

6.5 CVSS | 0.6 AI score | 0.00376 EPSS
Exploits 0 | Affected Software 2

IBM Security Bulletins
added 2018/06/15 7:5 a.m., 26 views

Security Bulletin: Multiple vulnerabilities in WebSphere Application Server affect IBM Business Process Manager, WebSphere Process Server and WebSphere Lombardi Edition (Java CPU April 2016)

Summary WebSphere Application Server is shipped as a component of IBM Business Process Manager, WebSphere Process Server, and WebSphere Lombardi Edition. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability...

10 CVSS | 2.1 AI score | 0.93287 EPSS
Exploits 1 | Affected Software 5