Medium Severity
Security Bulletin: Vulnerabilities in Node.js affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2021-22960, CVE-2021-22959
January 26, 2022
The Configuration Editor in IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to an HTTP request smuggling attack.
CVE(s): CVE-2021-22960, CVE-2021-22959
Affected product(s) and affected version(s):
Affected Product(s) | Version(s) | Status |
---|---|---|
IBM Business Automation Workflow traditional | V21.0.3 | not affected |
IBM Business Automation Workflow traditional | V21.0.2, V20.0.0.1 – V20.0.0.2, V19.0.0.1 – V19.0.0.3, V18.0.0.0 – V18.0.0.1 | affected |
IBM Business Automation Workflow containers | V21.0.1 – V21.0.3, V20.0.0.1 – V20.0.0.2 | not affected |
IBM Business Process Manager | V8.6.0.0 – V8.6.0.201803, V8.5.0.0 – V8.5.0.201706 | affected |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www.ibm.com/support/pages/node/6551090
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211171
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/211168