Security Bulletin: IBM Engineering Lifecycle Management - Engineering Workflow Management is impacted by vulnerabilities in Apache Velocity

Summary A vulnerability has been identified in Apache Velocity library, which is used in IBM Engineering Lifecycle Management - Engineering Workflow Management. Vulnerability Details CVEID:CVE-2020-13936 DESCRIPTION: An attacker that is able to modify Velocity templates may execute arbitrary Java...

Security Bulletin: The IBM Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a remote code execution vulnerability (CVE-2025-14914)

Summary WebSphere Application Server Liberty 17.0.0.3 - 26.0.0.1 with the restConnector-1.0 or restConnector-2.0 feature enabled is affected by a remote code execution vulnerability. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, it has been addressed in...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty could provide weaker than expected security (CVE-2025-14923)

Summary IBM WebSphere Application Server Liberty with versions ranging 17.0.0.3 - 26.0.0.2 could provide weaker than expected security when using the Security Utility when administering security settings. Following IBM Engineering Lifecycle Management products are vulnerable to this attack, it ha...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)

Summary A vulnerability in javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 features affects IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.11 with specific features enabled. Following IBM® Engineering Lifecycle Management products are vulnerable to this attack, and addressed in this...

EUVD-2020-26236

Malware in sbrugna...

EUVD-2021-16175

Malware in sbrugna...

EUVD-2021-30791

Malicious code in bioql PyPI...

EUVD-2024-2588

Malicious code in bioql PyPI...

EUVD-2024-25879

Malicious code in bioql PyPI...

CVE-2025-8532 IDOR in Bimser's eBA Document and Workflow Management System

Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166...

CVE-2025-8532

Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166...

Security Bulletin: The IBM® Engineering Lifecycle Management products using WebSphere Application Server Liberty is affected by a denial of service due to Apache Commons FileUpload (CVE-2025-48976)

Summary There is a vulnerability in Apache Commons FileUpload which affects IBM WebSphere Application Server traditional and affects IBM WebSphere Application Server Liberty with the servlet-3.0, servlet-3.1, servlet-4.0, servlet-5.0 or servlet-6.0 feature enabled. Following IBM® Engineering...

CVE-2024-28793

IBM Engineering Workflow Management 7.0.2 and 7.0.3 is vulnerable to stored cross-site scripting. Under certain configurations, this vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary IBM SDK, Java Technology Edition is vulnerable to CVE-2023-38264. Following IBM® Engineering Lifecycle Engineering product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Workflow Management Vulnerability Details Refer to the security bulletins listed...

Security Bulletin: The IBM® Engineering Lifecycle Engineering products using IBM SDK, Java Technology Edition Quarterly CPU - Jul 2024 are affected by multiple vulnerabilities

Summary This bulletin for IBM SDK, Java Technology Edition covers all applicable Java SE CVEs published by Oracle as part of their July 2024 Critical Patch Update, plus CVE-2024-27267. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed i...

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...

CVE-2024-43403 Kanister has a potential risk which can be leveraged to make a cluster-level privilege escalation

Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate...

IBM Business Automation Workflow Log Information Disclosure Vulnerability

IBM Business Automation Workflow is a suite of workflow automation solutions from International Business Machines IBM. The product is primarily used for workflow management, compliance management, and features workflow visibility and scalability. IBM Business Automation Workflow suffers from a lo...

Exploit for CVE-2024-39211

CVE-2024-39211 Kaiten User Enumeration Kaitenhttps://kait...

IBM Engineering Workflow Management Cross-Site Scripting Vulnerability (CNVD-2024-25255)

IBM Engineering Workflow Management is an enterprise-level engineering workflow management system that provides process management, task assignment, and more. A cross-site scripting vulnerability exists in IBM Engineering Workflow Management versions 7.0.2 and 7.0.3 that stems from insufficient...