Medium Severity

Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-7656, CVE-2020-11022, CVE-2020-11023

Share this post:

Cross Site Scripting vulnerabilities in jQuery might affect Process Portal in IBM Business Automation Workflow and IBM Business Process Manager (BPM).

CVE(s): CVE-2020-7656, CVE-2020-11023, CVE-2020-11022, IBM X-Force ID:   180875

Affected product(s) and affected version(s):

 

Affected Product(s) Version(s)
IBM Business Automation Workflow V20.0
V19.0
V18.0
IBM Business Process Manager V8.6
V8.5
V8.0

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6326835
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/182264
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/181350
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/181349

More stories

Security Bulletin: Samba for IBM i is vulnerable to attacker obtaining sensitive information due to a memory leak with SMB1 requests (CVE-2022-32742)

August 17, 2022 | Medium Severity

Samba for IBM i is vulnerable to an attacker obtaining sensitive information due to a memory leak handling SMB1 requests as described in the vulnerability details section. IBM i has addressed the vulnerability in Samba with a fix as described in the remediation/fixes section. ...read more


Security Bulletin: A security vulnerability has been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component (CVE-2022-21496)

August 16, 2022 | Medium Severity

IBM Security Verify Governance, Identity Manager virtual appliance component has addressed the following vulnerability. ...read more