Medium Severity

Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow – CVE-2020-4672

Nov 16, 2020 7:00 pm EST

Share this post:

IBM Business Automation Workflow are vulnerable to a cross-site scripting attack.

Affected product(s) and affected version(s):

Affected Product(s)	Version(s)
IBM Business Automation Workflow	V20.0

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6367813

Medium Severity

Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665)

Search Posts

Resources

Feed for PSIRT Blog Posts

IBM Product Security Vulnerabilities

See information about: IBM Security Bulletins, IBM Security Vulnerability Management (PSIRT), Reporting a Security Issue, IBM Secure Engineering

Learn More

IBM Product Support Portal

Access IBM Product Support to: Subscribe to Notifications, Download Fixes & PTFs (Fix Central), Access the Directory of IBM Worldwide Contacts

See What's New

Helpful Information

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring returns potentially sensitive information in headers which could lead to further attacks against the system.

Mar 8, 2021 7:00 pm EST | Medium Severity

IBM Cloud Pak for Multicloud Management Monitoring returns potentially sensitive information in headers which could lead to further attacks against the system. ...read more

Security Bulletin: Google Protocol Buffers as used by IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2015-5237)

Mar 8, 2021 7:00 pm EST | Medium Severity

Google Protocol Buffers as used by IBM QRadar SIEM is vulnerable to arbitrary code execution ...read more

Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow – CVE-2021-20358

Mar 8, 2021 7:00 pm EST | Medium Severity

IBM Business Automation Workflow may leak sensitive information in trace when emitting events for Business Automation Insights. ...read more

Medium Severity

Security Bulletin: Cross-site scripting vulnerability affects IBM Business Automation Workflow – CVE-2020-4672

Security Bulletin: IBM API Connect is vulnerable to arbitrary code execution and security bypass in Drupal (CVE-2020-13664, CVE-2020-13665)

Security Bulletin: IBM Maximo Asset Management is vulnerable to Multiple Jackson-Databind CVEs - February 2020

Search Posts

Archives

Resources

IBM Product Security Vulnerabilities

IBM Product Support Portal

Helpful Information

Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring returns potentially sensitive information in headers which could lead to further attacks against the system.

Mar 8, 2021 7:00 pm EST | Medium Severity

Security Bulletin: Google Protocol Buffers as used by IBM QRadar SIEM is vulnerable to arbitrary code execution (CVE-2015-5237)

Mar 8, 2021 7:00 pm EST | Medium Severity

Security Bulletin: Information leakage vulnerability affect IBM Business Automation Workflow – CVE-2021-20358

Mar 8, 2021 7:00 pm EST | Medium Severity