This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: IBM
Product: Business Process Manager
Version: 8.6.0.0
Update: cf2018.03
Edition: *
Language: *
Software Edition: -
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2019-08-20
Last view: 2022-05-31

CPE Product: cpe:2.3:a:ibm:business_process_manager

Activity : Overall

Related : CVE

Score Date Alert Description
6.5 2022-05-31 CVE-2022-22361

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3, 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

5.7 2019-08-20 CVE-2019-4425

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771.

8.2 2019-08-20 CVE-2019-4424

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770.

CWE : Common Weakness Enumeration

% id Name
50% (1) CWE-611 Information Leak Through XML External Entity File Disclosure
50% (1) CWE-352 Cross-Site Request Forgery (CSRF)