Medium Severity

Security Bulletin: Persistent cross-site scripting vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2022-35644


Process Admin Console is vulnerable to a persistent cross-site scripting attack.

CVE(s): CVE-2022-35644

Affected product(s) and affected version(s):

 

| Affected Product(s) | Version(s) | Status |
| --- | --- | --- |
| IBM Business Automation Workflow containers | V22.0.1 – V22.0.1-IF001; V21.0.3 – V21.0.3-IF011; V21.0.2 all fixes; V20.0.0.1 – V20.0.0.2 | affected |
| IBM Business Automation Workflow traditional | V22.0.1; V21.0.1 – V21.0.3 before 21.0.3.1; V20.0.0.1 – V20.0.0.2; V19.0.0.1 – V19.0.0.3; V18.0.0.0 – V18.0.0.2 | affected |
| IBM Business Process Manager | V8.6.0.0 – V8.6.0.201803; V8.5.0.0 – V8.5.0.201706 | affected |

 

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6616975
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/230957
