Critical Severity

Security Bulletin: Prototype pollution vulnerability affects IBM Business Automation Workflow and IBM Business Process Manager (BPM) – [CVE-2021-23450]

IBM Business Process Manager and IBM Business Automation Workflow are vulnerable to a prototype pollution attack. [CVE-2021-23450]

CVE(s): CVE-2021-23450

Affected product(s) and affected version(s):

| Affected Product(s) | Version(s) | Status |
| --- | --- | --- |
| IBM Business Automation Workflow containers | V22.0.1; V21.0.3 – V21.0.3-IF010; V21.0.2 all fixes; V20.0.0.2 all fixes; V20.0.0.1 all fixes | affected |
| IBM Business Automation Workflow traditional | V22.0.1; V21.0.1 – V21.0.3; V20.0.0.1 – V20.0.0.2; V19.0.0.1 – V19.0.0.3; V18.0.0.0 – V18.0.0.2 | affected |
| IBM Business Process Manager | V8.6.0.0 – V8.6.0.201803; V8.5.0.0 – V8.5.0.201706 | affected |

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6617979
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216463
