News
Abstract
How to know if the CVE is there in the image for BAMOE 8 and BAMOE 9
Content
For BAMOE 8, there is on-prem and container for OpenShift using the operator installation.
Unfortunately there is no separate scan so both are based on the container image. Typically anything related to OS is specifically RHEL such as libssh / python. For on-prem, we know it must exist in the maven repository.zip or the .war if it is affected.
For the Openshift image, it can be easily checked here:
For the on-prem, it is pretty similar except the OS ones are excluded. You can also see if an CVE is fixed. For example, the latest one is BAMOE 8.0.8 as of publishing this technote:
BAMOE 8.0.8 addressed CVE:
https://www.ibm.com/support/pages/node/7241943
For other versions, it is easy to type this in google
Multiple vulnerabilities were addressed in IBM Business Automation Manager Open Editions <version number example: 8.0.8>.
For BAMOE 9, the CVE list can be found here:
https://quay.io/organization/bamoe
After selecting the image you like to check you can click on the "tags" tab to see what is the CVE affected there.
https://www.ibm.com/support/pages/security-bulletin-multiple-security-vulnerabilities-ibm-business-automation-manager-open-editions-1
Was this topic helpful?
Document Information
Modified date:
14 November 2025
UID
ibm17251266