Medium Severity
Security Bulletin: Multiple security vulnerabilities with Administration Console for Content Platform Engine component in IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4447, CVE-2020-4759
Dec 2, 2020 7:00 pm EST
The embedded Content Platform Engine component, which includes the Administration Console for Content Platform Engine (ACCE) and is shipped with IBM Business Process Manager and IBM Business Automation Workflow, is vulnerable to cross-site scripting and CSV injection.
Affected product(s) and affected version(s):
| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Business Automation Workflow | v19.0.0.x |
| IBM Business Automation Workflow | v18.0.0.x |
| IBM Business Process Manager | v8.6.0 / v18.0.0.0 |
| IBM Business Process Manager | v8.5.x |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6374018
Security Bulletin: Websphere Hibernate Validator Vulnerability Affects IBM Control Center (CVE-2020-10693)
Jan 15, 2021 7:00 pm EST | Medium Severity
Hibernate Validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the message interpolation processor. ...
Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise are affected by a Websphere Application Server Vulnerability (CVE-2020-4576)
Jan 15, 2021 7:00 pm EST | Medium Severity
IBM Integration Bus and IBM App Connect Enterprise are affected by a WebSphere Application Server vulnerability which was reported and has been addressed. Vulnerability details are listed below ...
Security Bulletin: Apache ActiveMQ Vulnerability Affects IBM Control Center (CVE-2020-13920)
Jan 15, 2021 7:00 pm EST | Medium Severity
Apache ActiveMQ is vulnerable to a man-in-the-middle attack. ...