High Severity

Security Bulletin: Denial of Service vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-35618


IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a Denial of Service attack.

CVE(s): CVE-2020-36518

Affected product(s) and affected version(s):

 

| Affected Product(s) | Version(s) | Status |
|---|---|---|
| IBM Business Automation Workflow containers | V22.0.1 | not affected |
| IBM Business Automation Workflow containers | V21.0.3 – V21.0.3-IF009; V21.0.2 all fixes; V20.0.0.2 all fixes; V20.0.0.1 all fixes | affected |
| IBM Business Automation Workflow traditional | V22.0.1 | not affected |
| IBM Business Automation Workflow traditional | V21.0.1 – V21.0.3; V20.0.0.1 – V20.0.0.2; V19.0.0.1 – V19.0.0.3; V18.0.0.0 – V18.0.0.2 | affected |
| IBM Business Process Manager | V8.6.0.0 – V8.6.0.201803; V8.5.0.0 – V8.5.0.201706 | affected |

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6603665
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/222319
