Medium Severity

Security Bulletin: Multiple security vulnerabilities with Administration Console for Content Platform Engine component in IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4447, CVE-2020-4459

Share this post:

The embedded Content Platform Engine Component, which includes Administration Console for Content Platform Engine (ACCE), that is shipped with IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to a cross-site scripting vulnerability and a CSV Injection vulnerability.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Business Automation Workflow v19.0.0.x
IBM Business Automation Workflow v18.0.0.x
IBM Business Process Manager v8.6.0 / v18.0.0.0
IBM Business Process Manager v8.5.x

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6374018

More stories

Security Bulletin: Websphere Hibernate Validator Vulnerability Affects IBM Control Center (CVE-2020-10693)

Jan 15, 2021 7:00 pm EST | Medium Severity

Hibernate Validator could allow a remote attacker to bypass security restrictions, caused by a flaw in the message interpolation processor. ...read more


Security Bulletin: IBM Integration Bus & IBM App Connect Enterprise are affected by a Websphere Application Server Vulnerability (CVE-2020-4576)

Jan 15, 2021 7:00 pm EST | Medium Severity

IBM Integration Bus and IBM App Connect Enterprise are affected by a WebSphere Application Server vulnerability which was reported and has been addressed. Vulnerability details are listed below ...read more


Security Bulletin: Apache ActiveMQ Vulnerability Affects IBM Control Center (CVE-2020-13920)

Jan 15, 2021 7:00 pm EST | Medium Severity

Apache ActiveMQ is vulnerable to a man-in-the-middle attack. ...read more