Medium Severity

Security Bulletin: Cross site scripting vulnerability affecting Case Builder in IBM Business Automation Workflow – CVE-2021-29878

Share this post:

IBM Business Automation Workflow Case Builder in Workflow Center is vulnerable to cross site scripting.

CVE(s): CVE-2021-29878

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Business Automation Workflow V21.0
V20.0
V19.0
V18.0

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6501949
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/206581

More stories

Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Netcool Agile Service Manager

Nov 25, 2021 7:00 pm EST | Medium Severity

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 8 used by IBM Netcool Agile Service Manager. IBM Netcool Agile Service Manager has addressed the applicable CVEs. ...read more


Security Bulletin: Vulnerability in Dojo may affect IBM Cúram Social Program Management (CVE-2018-15494)

Nov 25, 2021 7:00 pm EST | Medium Severity

IBM Cúram Social Program Management uses the Dojo libraries, for which there is a publicly known vulnerability. Dojo Toolkit is vulnerable to cross-site scripting attack, caused by improper validation of user-supplied input by the DataGrid component. ...read more


Security Bulletin: Vulnerability in Apache Santuario XML Security for Java may affect Cúram Social Program Management (CVE-2021-40690)

Nov 25, 2021 7:00 pm EST | Medium Severity

IBM Cúram Social Program Management uses the Apache Santuario XML Security for Java libraries, for which there is a publicly known vulnerability. For this vulnerability Apache Santuario XML Security for Java could allow a remote attacker to bypass security restrictions, caused by the improper passing of the "secureValidation" property when creating a KeyInfo from a KeyInfoReference element. ...read more