Medium Severity

Security Bulletin: Cross-site scripting vulnerabilities in jQuery may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-11022, CVE-2020-11023

A copy of the open source library jQuery is shipped as part of the swagger-ui in IBM Business Process Manager and IBM Business Automation Workflow. Cross-Site scripting vulnerabilities have been reported for this library.

CVE(s): CVE-2020-11022, CVE-2020-11023

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) | Status |
| --- | --- | --- |
| IBM Business Automation Workflow traditional | V21.0.3 | not affected |
| IBM Business Automation Workflow containers | V21.0.3 | not affected |
| IBM Business Automation Workflow traditional | V21.0.1 – V21.0.2; V20.0.0.1 – V20.0.0.2; V19.0.0.1 – V19.0.0.3; V18.0.0.0 – V18.0.0.1 | affected |
| IBM Business Automation Workflow containers | V21.0.1 – V21.0.2; V20.0.0.1 – V20.0.0.2 | affected |
| IBM Business Process Manager | V8.6.0.0 – V8.6.0.201803; V8.5.0.0 – V8.5.0.201706 | affected |

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6579971
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/181349
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/181350
