Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2019-08-20 |
| Product | Business Process Manager | Last view | 2022-05-31 |
| Version | 8.6.0.0 | Type | Application |
| Update | cf2018.03 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | - | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:business_process_manager | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 6.5 | 2022-05-31 | CVE-2022-22361 | IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. |
| 5.7 | 2019-08-20 | CVE-2019-4425 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from another user by inserting links that would be clicked on by unsuspecting users. IBM X-Force ID: 162771. |
| 8.2 | 2019-08-20 | CVE-2019-4424 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 50% (1) | CWE-611 | Information Leak Through XML External Entity File Disclosure |
| 50% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
