High Severity

Security Bulletin: Multiple vulnerabilities in node.js may affect configuration editor used in IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-1971, CVE-2020-8265, CVE-2020-8287

Share this post:

Security vulnerabilities have been reported for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js.

Affected product(s) and affected version(s):

Affected Product(s) Version(s)
IBM Business Automation Workflow V20.0
V19.0
V18.0
IBM Business Process Manager V8.6
V8.5

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6436083

More stories

Security Bulletin: A security vulnerability in Node.js affects IBM Cloud Automation Manager

May 13, 2021 8:02 pm EDT | High Severity

A security vulnerability in Node.js affects IBM Cloud Automation Manager. ...read more


Security Bulletin: Vulnerabilities in the Python, Docker, and ICP affect IBM Spectrum Discover

May 13, 2021 8:01 pm EDT | High Severity

Vulnerabilities in the Python, Docker, and ICP such as a hole to obtain confidential information, denial of service, unauthorized access with high privileges, duplicate entries and CRLF injection, may affect IBM Spectrum Discover ...read more


Security Bulletin: A security vulnerability in Node.js hosted-git-info module affects IBM Cloud Automation Manager

May 13, 2021 8:01 pm EDT | High Severity

A security vulnerability in Node.js hosted-git-info module affects IBM Cloud Automation Manager. ...read more