Latest ibm cloud pak for automation Vulnerabilities

CVE-2021-29872
IBM ICP4A - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remo...
IBM Cloud Pak for Automation<=21.0.1 before IF00721.0.2 before IF007
IBM Cloud Pak for Automation<21.0.2
IBM Cloud Pak for Automation=21.0.2
IBM Cloud Pak for Automation=21.0.2-interim_fix001
IBM Cloud Pak for Automation=21.0.2-interim_fix002
IBM Cloud Pak for Automation=21.0.2-interim_fix003
and 11 more
IBM-6541294
IBM Cloud Pak for Automation<=21.0.1 before IF00721.0.2 before IF007
CVE-2021-38966
IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality pot...
IBM Cloud Pak for Automation=21.0.2
Ibm Workflow Process Service=21.0.2
CVE-2021-29775
IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall...
IBM Business Automation Workflow<=V20.0V19.0.0.3
IBM Business Automation Workflow=19.0.0.3
IBM Business Automation Workflow=20.0.0.0
IBM Cloud Pak for Automation=20.0.3-if002
IBM Cloud Pak for Automation=21.0.1
IBM-6465127
IBM Cloud Pak for Automation<=20.0.3-IF002
IBM Cloud Pak for Automation<=21.0.1
IBM-6437577
IBM Cloud Pak for Automation<=20.0.3 IF002
IBM Cloud Pak for Automation<=20.0.2
CVE-2021-26296
Apache MyFaces is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious Web site, a remote attacker c...
IBM Cloud Pak for Automation<=20.0.3-IF002
IBM Cloud Pak for Automation<=21.0.1
Apache MyFaces>=2.2.0<=2.2.13
Apache MyFaces>=2.3.0<=2.3.7
Apache MyFaces=2.3-next-m1
Apache MyFaces=2.3-next-m2
and 4 more
IBM-6412345
IBM Cloud Pak for Automation<=20.0.3
IBM Cloud Pak for Automation<=20.0.2 IF002
CVE-2021-20359
Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user.
IBM Cloud Pak for Automation<=20.0.3
IBM Cloud Pak for Automation<=20.0.2 IF002
IBM Cloud Pak for Automation=20.0.2-interim_fix002
IBM Cloud Pak for Automation=20.0.3
CVE-2021-20358
IBM Business Automation Insights stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files.
IBM Cloud Pak for Automation<=20.0.3
IBM Cloud Pak for Automation<=20.0.2 IF002
IBM Cloud Pak for Automation=20.0.2-interim_fix002
IBM Cloud Pak for Automation=20.0.3
IBM-6359463
IBM Cloud Pak for Automation<=IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2IBM Business Automation Workflow 20.0.2
IBM Business Automation Workflow<=V18.0, V19.0, V20.0 traditionalV20.0 containers
IBM Business Process Manager<=V8.6
CVE-2020-4794
IBM Process Federation Server Component, IBM Business Automation Workflow and IBM Business Process Manager could allow an authenticated user to obtain sensitive information or cuase a denial of servic...
IBM Cloud Pak for Automation<=IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2IBM Business Automation Workflow 20.0.2
IBM Business Automation Workflow<=V18.0, V19.0, V20.0 traditionalV20.0 containers
IBM Business Process Manager<=V8.6
IBM Automation Workstream Services=19.0.3
IBM Automation Workstream Services=20.0.1
IBM Automation Workstream Services=20.0.2
and 48 more
CVE-2020-28168
Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attacker is able to bypass a proxy by providing a URL that responds with a redirect to a restricted host o...
IBM Cloud Pak for Automation<=20.0.3
IBM Cloud Pak for Automation<=20.0.2 IF002
Axios Axios>=0.19.0<=0.21.0
Siemens Sinec Ins<1.0
Siemens Sinec Ins=1.0-sp1
CVE-2020-14798
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
debian/openjdk-11
debian/openjdk-8
IBM Cloud Pak for Automation<=20.0.3-IF002
IBM Cloud Pak for Automation<=21.0.1
Oracle JDK=1.7.0-update271
Oracle JDK=1.8.0-update261
and 21 more
CVE-2020-14797
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact.
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 33 more
CVE-2020-14796
An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unkno...
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<1.8.0-ibm-1:1.8.0.6.20-1jpp.1.el7
redhat/java<1.7.1-ibm-1:1.7.1.4.75-1jpp.1.el7
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
and 33 more
CVE-2020-14792
An unspecified vulnerability in Java SE related to the Hotspot component could allow an unauthenticated attacker to cause low confidentiality impact, low integrity impact, and no availability impact.
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-0.el6_10
redhat/java<11-openjdk-1:11.0.9.11-0.el7_9
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el7_9
redhat/java<11-openjdk-1:11.0.9.11-0.el8_2
redhat/java<1.8.0-openjdk-1:1.8.0.272.b10-1.el8_2
redhat/java<11-openjdk-1:11.0.9.11-0.el8_0
and 39 more
CVE-2020-2773
An unspecified vulnerability in Java SE related to the Java SE Security component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unkn...
redhat/java<1.8.0-openjdk-1:1.8.0.252.b09-2.el6_10
redhat/java<1.7.0-openjdk-1:1.7.0.261-2.6.22.1.el6_10
redhat/java<1.7.0-openjdk-1:1.7.0.261-2.6.22.2.el7_8
redhat/java<11-openjdk-1:11.0.7.10-4.el7_8
redhat/java<1.8.0-openjdk-1:1.8.0.252.b09-2.el7_8
redhat/java<1.8.0-ibm-1:1.8.0.6.25-1jpp.1.el7
and 157 more
CVE-2020-4325
The IBM Process Federation Server Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, t...
IBM Automation Workstream Services in Cloud Pak for Automation<=19.0.3
IBM Process Federation Server<=18.0.0.1 to 19.0.0.3 included
IBM Cloud Pak for Automation=19.0.3
IBM Process Federation Server>=18.0.0.1<=19.0.0.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203