Product
IBM Business Automation Workflow
52 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-13096
<= 24.0.0
IBM Business Automation Workflow containers V25.0.0 through V25.0.0-IF007, V24.0.1 - V24.0.1-IF007, V24.0.0 - V24.0.0-IF007 and IB
7.1
HIGH
CVE-2025-36059
all versions
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0
4.7
MEDIUM
CVE-2025-36058
all versions
IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0
5.5
MEDIUM
CVE-2025-36054
all versions
IBM Business Automation Workflow containers 24.0.0 through 24.0.0-IF006, 24.0.1 through 24.0.1-IF004, 25.0.0 through 25.0.0-IF001
6.1
MEDIUM
CVE-2025-1495
all versions
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing autho
4.3
MEDIUM
CVE-2024-54179
<= 24.0.1
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupporte
5.4
MEDIUM
CVE-2024-43188
>= 18.0.0.1 and <= 18.0.0.3
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activ
4.9
MEDIUM
CVE-2024-38321
>= 23.0.1 and <= 23.0.2
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under ce
5.3
MEDIUM
CVE-2023-50947
>= 19.0.0.1 and <= 19.0.0.3
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users
5.4
MEDIUM
CVE-2023-24957
>= 19.0.0.1 and <= 19.0.0.3
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 2
5.4
MEDIUM
CVE-2022-43864
>= 21.0.1 and <= 21.0.3.1
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could sen
7.5
HIGH
CVE-2022-42435
all versions
IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, a
4.3
MEDIUM
CVE-2022-41735
>= 19.0.0.1 and <= 19.0.0.3
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-s
5.4
MEDIUM
CVE-2022-38390
>= 18.0.0.0 and <= 18.0.0.2
Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embe
5.4
MEDIUM
CVE-2022-35279
>= 18.0.0.0 and <= 18.0.0.2
"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3,
4.3
MEDIUM
CVE-2022-22361
>= 19.0.0.1 and <= 19.0.0.3
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0
6.5
MEDIUM
CVE-2021-39046
all versions
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials i
4.9
MEDIUM
CVE-2021-38900
all versions
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged u
6.5
MEDIUM
CVE-2021-38893
all versions
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored c
5.4
MEDIUM
CVE-2021-38883
all versions
IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-si
5.4
MEDIUM
CVE-2021-29753
all versions
IBM Business Automation Workflow 18, 19, 20, 21, and IBM Business Process Manager 8.5 and 8.6 transmits or stores authentication
5.9
MEDIUM
CVE-2021-29835
all versions
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users
6.1
MEDIUM
CVE-2021-29878
all versions
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users
5.4
MEDIUM
CVE-2021-29834
all versions
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, and 21.0.2 and IBM
5.4
MEDIUM
CVE-2021-29775
all versions
IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross
5.4
MEDIUM
CVE-2021-29751
all versions
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated us
4.3
MEDIUM
CVE-2020-4768
>= 18.0.0.0 and <= 20.0.0.2
IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. Thi
5.4
MEDIUM
CVE-2020-4794
all versions
IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business
5.4
MEDIUM
CVE-2020-4900
all versions
IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user
5.5
MEDIUM
CVE-2020-4672
all versions
IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrar
5.4
MEDIUM
CVE-2020-4531
all versions
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote atta
5.3
MEDIUM
CVE-2020-4530
< 20.0.0.2
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting.
5.4
MEDIUM
CVE-2020-4698
all versions
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-sit
5.4
MEDIUM
CVE-2020-4516
all versions
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scrip
5.4
MEDIUM
CVE-2020-4557
all versions
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site sc
5.4
MEDIUM
CVE-2020-4532
all versions
IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8
5.3
MEDIUM
CVE-2020-4490
all versions
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to by
6.1
MEDIUM
CVE-2020-4446
>= 18.0.0.0 and <= 18.0.0.2
IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automation Workflow 18.0 and 19.0 could allow a remote attacker to
4.3
MEDIUM
CVE-2019-4669
>= 18.0.0.1 and <= 19.0.0.3
IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workf
6.3
MEDIUM
CVE-2019-4426
>= 19.0.0.0 and <= 19.0.0.3
The Case Builder component shipped with 18.0.0.1 through 19.0.0.2 and IBM Case Manager 5.1.1 through 5.3 is vulnerable to cross-si
5.4
MEDIUM
CVE-2019-4149
>= 18.0.0.0 and <= 18.0.0.2
IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative
5.4
MEDIUM
CVE-2019-4424
>= 18.0.0.0 and <= 19.0.0.2
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, and 19.0.0.2 is vulnerable to an XML External Entity Inje
8.2
HIGH
CVE-2019-4425
>= 18.0.0.0 and <= 19.0.0.2
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow a user to obtain highly sensitive information from a
5.7
MEDIUM
CVE-2019-4410
>= 18.0.0.0 and <= 19.0.0.1
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerabil
5.4
MEDIUM
CVE-2019-4204
>= 18.0.0.0 and <= 19.0.0.1
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, and 19.0.0.1 is vulnerable to cross-site scripting. This vulnerabil
5.4
MEDIUM
CVE-2019-4045
>= 18.0.0.0 and <= 18.0.0.2
IBM Business Automation Workflow and IBM Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 provide embedded document manag
4.3
MEDIUM
CVE-2018-2000
all versions
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site request forgery which could allow an attacker t
4.3
MEDIUM
CVE-2018-1999
all versions
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could reveal sensitive version information about the server from
4.3
MEDIUM
CVE-2018-1997
all versions
IBM Business Automation Workflow and Business Process Manager 18.0.0.0, 18.0.0.1, and 18.0.0.2 are vulnerable to a denial of servi
4.3
MEDIUM
CVE-2018-1885
all versions
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, and 18.0.0.2 could allow an unauthenticated attacker to obtain sensitive infor
5.3
MEDIUM
CVE-2018-1848
all versions
IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to e
6.1
MEDIUM
CVE-2018-1674
all versions
IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker coul
6.3
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin