VYPR

Business Automation Workflow

by IBM

CVEs (52)

  • CVE-2019-4045MedApr 8, 2019
    risk 0.28cvss 4.3epss 0.01

    IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document management features. Because of a missing restriction in an API, a client might spoof the last modified by value of a document. IBM X-Force ID: 156241.

  • CVE-2018-2000MedApr 8, 2019
    risk 0.28cvss 4.3epss 0.01

    IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 154890.

  • CVE-2018-1999MedApr 8, 2019
    risk 0.28cvss 4.3epss 0.01

    IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 154889.

  • CVE-2018-1997MedApr 8, 2019
    risk 0.28cvss 4.3epss 0.01

    IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of service attack. An authenticated attacker might send a specially crafted request that exhausts server-side memory. IBM X-Force ID: 154774.

  • CVE-2025-13096Feb 2, 2026
    risk 0.00cvss epss 0.00

    IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IBM Business Automation Workflow traditional V25.0.0, V24.0.1, V24.0.0 is vulnerable to an XML external entity injection (XXE) attack when processing…

  • CVE-2025-36058Jan 20, 2026
    risk 0.00cvss epss 0.00

    IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve…

  • CVE-2025-36059Jan 20, 2026
    risk 0.00cvss epss 0.00

    IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation could allow a local user with access to the container to execute OS system…

  • CVE-2025-36054Nov 6, 2025
    risk 0.00cvss epss 0.00

    IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001 and IBM Business Automation Workflow traditional with Process Federation Server 24.0.0 through 24.0.1 and 25.0.0 are vulnerable to cross-site…

  • CVE-2025-1495May 3, 2025
    risk 0.00cvss epss 0.00

    IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.

  • CVE-2024-54179Mar 3, 2025
    risk 0.00cvss epss 0.00

    IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI…

  • CVE-2024-43188Sep 18, 2024
    risk 0.00cvss epss 0.00

    IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.

  • CVE-2024-38321Aug 3, 2024
    risk 0.00cvss epss 0.00

    IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.

Page 3 of 3