High Severity

Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect the configuration editor used by IBM Business Automation Workflow and IBM Business Process Manager (BPM)

May 9, 2022

Categorized: High Severity

Share this post:

Security vulnerabilities have been reported for IBM SDK for Node.js. IBM Business Automation Workflow and IBM BPM include a stand-alone tool for editing configuration properties files that is based on IBM SDK for Node.js.

CVE(s): CVE-2021-44531, CVE-2021-44532, CVE-2022-21824, CVE-2022-0778, CVE-2021-44533

Affected product(s) and affected version(s):

 

Affected Product(s) Version(s) Status
IBM Business Automation Workflow traditional V21.0.1 – V21.0.3
V20.0.0.1 – V20.0.0.2
V19.0.0.1 – V19.0.0.3
V18.0.0.0 – V18.0.0.1		 affected
IBM Business Automation Workflow containers V21.0.1 – V21.0.3
V20.0.0.1 – V20.0.0.2		 not affected
IBM Business Process Manager V8.6.0.0 – V8.6.0.201803 affected
IBM Business Process Manager V8.5.0.0 – V8.5.0.201706 not affected

 

Refer to the following reference URLs for remediation and additional vulnerability details:  
Source Bulletin: https://www.ibm.com/support/pages/node/6584089
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216930
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216931
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216933
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/216932


Previous Post

Security Bulletin: Vulnerability CVE-2021-39024 in IBM Guardium Data Encryption (GDE)

Next Post

Security Bulletin: Multiple Vulnerabilities in VMware ESXi affect IBM Cloud Pak System (CVE-2021-21994, CVE-2021-21995)
More stories

Security Bulletin: Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-31129

August 10, 2022 | High Severity

Automation Assets in IBM Cloud Pak for Integration is vulnerable to denial of service due to CVE-2022-31129 with details below ...read more

Security Bulletin: Multiple security vulnerabilities has been identified in IBM® DB2® shipped with IBM PureData System for Operational Analytics

August 10, 2022 | High Severity

IBM® DB2® is shipped as a component of IBM PureData System for Operational Analytics. Information about security vulnerabilities affecting IBM DB2 have been published in a security bulletin (CVE-2022-22389, CVE-2022-22390, CVE-2022-25313, CVE-2022-25236, CVE-2022-25235, CVE-2022-25314, CVE-2022-25315). ...read more

Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities

August 10, 2022 | High Severity

Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities with details below ...read more