Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
ibm

Business Automation Workflow

25 Versions 39 CVEs

Versions

18.0

MAJOR_MINOR 9 CVEs

19.0.0.1

OTHER 12 CVEs

22.0.1

SEMANTIC 1 CVE

21.0.1

SEMANTIC 3 CVEs

C.D.0

OTHER 1 CVE

20.0

MAJOR_MINOR 9 CVEs

20.0.0

SEMANTIC 1 CVE

20.0.0.1

OTHER 9 CVEs

21.0.2

SEMANTIC 4 CVEs

22.0.2, 23.0.1, 23.0.2

OTHER 1 CVE

22.0.2

SEMANTIC 1 CVE

20.0.0.2

OTHER 7 CVEs

19.0.0.0

OTHER 1 CVE

21.0

MAJOR_MINOR 3 CVEs

18.0.0.1

OTHER 18 CVEs

19.0.0.2

OTHER 7 CVEs

21.0.3.1

OTHER 1 CVE

19.0

MAJOR_MINOR 9 CVEs

18.0.0

SEMANTIC 1 CVE

19.0.0.3

OTHER 9 CVEs

21.0.3

SEMANTIC 2 CVEs

22.0.2, 23.0.1, 23.0.2, 24.0.0

OTHER 2 CVEs

18.0.0.0

OTHER 20 CVEs

19.0.0

SEMANTIC 1 CVE

18.0.0.2

OTHER 14 CVEs

Recent CVEs

CVE-2024-43188

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.

MEDIUM Sep 18, 2024

CVE-2024-38321

IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.

MEDIUM Aug 03, 2024

CVE-2023-50947

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.

MEDIUM Feb 04, 2024

CVE-2020-4900

IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.

MEDIUM Nov 30, 2020

CVE-2019-4669

IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 171254.

MEDIUM Feb 27, 2020

CVE-2019-4424

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 162770.

HIGH Aug 20, 2019

CVE-2019-4410

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 162657.

MEDIUM Jul 01, 2019

CVE-2019-4204

IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 159125.

MEDIUM May 10, 2019