High Severity

Security Bulletin: A CVE-2021-37714 vulnerability in jsoup affects IBM Process Designer in IBM Business Automation Workflow and IBM Business Process Manager

A vulnerability exists in jsoup, which is used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVE.

CVE(s): CVE-2021-37714

Affected product(s) and affected version(s):

Affected Product(s)                 Version(s)
IBM Business Automation Workflow    18.0.0.0 – 21.0.2
IBM BPM Process Designer            8.6-8.6 CF2018.03
IBM BPM Process Designer            8.5.0-8.5.7 2017.06

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6523988
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/207858
