This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ibm First view 2022-05-31
Product Business Automation Workflow Last view 2023-01-26
Version 21.0.3 Type Application
Update if007  
Edition *  
Language *  
Sofware Edition containers  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:ibm:business_automation_workflow

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2023-01-26 CVE-2022-43864

IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.

6.1 2022-12-07 CVE-2022-41735

IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.

5.4 2022-11-17 CVE-2022-38390

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978.

4.3 2022-11-03 CVE-2022-35279

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537."

6.5 2022-05-31 CVE-2022-22361

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

CWE : Common Weakness Enumeration

%idName
40% (2) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
20% (1) CWE-352 Cross-Site Request Forgery (CSRF)
20% (1) CWE-312 Cleartext Storage of Sensitive Information
20% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...