Medium Severity
Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-7656, CVE-2020-11022, CVE-2020-11023
May 4, 2022
Categorized: Medium Severity
Share this post:
Cross Site Scripting vulnerabilities in jQuery might affect Process Portal in IBM Business Automation Workflow and IBM Business Process Manager (BPM).
CVE(s): CVE-2020-7656, CVE-2020-11023, CVE-2020-11022, IBM X-Force ID: 180875
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| IBM Business Automation Workflow | V20.0 V19.0 V18.0 |
| IBM Business Process Manager | V8.6 V8.5 V8.0 |
For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6326835
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/182264
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/181350
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/181349
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU – Apr 2022 – Includes Oracle April 2022 CPU (minus CVE-2022-21426)affects IBM Security Verify Governance, Identity Manager virtual appliance component
August 17, 2022 | Medium Severity
IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the applicable CVE. ...read more
Security Bulletin: Samba for IBM i is vulnerable to attacker obtaining sensitive information due to a memory leak with SMB1 requests (CVE-2022-32742)
August 17, 2022 | Medium Severity
Samba for IBM i is vulnerable to an attacker obtaining sensitive information due to a memory leak handling SMB1 requests as described in the vulnerability details section. IBM i has addressed the vulnerability in Samba with a fix as described in the remediation/fixes section. ...read more
Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-21496)
August 16, 2022 | Medium Severity
IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. ...read more