Security Bulletin: Information disclosure and Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4794
<p> The optional component Process Federation Server that is shipped with IBM Business Process Manager and IBM Business Automation Workflow is vulnerable to a information disclosure and denial of service attack. </p>
<p>Affected product(s) and affected version(s):</p>
<p> </p>
<table style="height: 98px;" border="1" width="683">
<tbody>
<tr>
<td style="width: 200px;">Affected Product(s)</td>
<td style="width: 370px;">Version(s)</td>
</tr>
<tr>
<td style="width: 200px;">IBM Cloud Pak for Automation</td>
<td style="width: 370px;">IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2
IBM Business Automation Workflow 20.0.2</td>
</tr>
<tr>
<td style="width: 200px;">IBM Business Automation Workflow</td>
<td style="width: 370px;">V18.0, V19.0, V20.0 traditional
V20.0 containers</td>
</tr>
<tr>
<td style="width: 200px;">IBM Business Process Manager</td>
<td style="width: 370px;">V8.6</td>
</tr>
</tbody>
</table>
</p>
<p> Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: <a href=https://www.ibm.com/support/pages/node/6359463> https://www.ibm.com/support/pages/node/6359463</a> </p>
<p>The post <a rel="nofollow" href="https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-and-denial-of-service-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4794/">Security Bulletin: Information disclosure and Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4794</a> appeared first on <a rel="nofollow" href="https://www.ibm.com/blogs/psirt">IBM PSIRT Blog</a>.</p>
[fixed][/fixed]
<p>Affected product(s) and affected version(s):</p>
<p> </p>
<table style="height: 98px;" border="1" width="683">
<tbody>
<tr>
<td style="width: 200px;">Affected Product(s)</td>
<td style="width: 370px;">Version(s)</td>
</tr>
<tr>
<td style="width: 200px;">IBM Cloud Pak for Automation</td>
<td style="width: 370px;">IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2
IBM Business Automation Workflow 20.0.2</td>
</tr>
<tr>
<td style="width: 200px;">IBM Business Automation Workflow</td>
<td style="width: 370px;">V18.0, V19.0, V20.0 traditional
V20.0 containers</td>
</tr>
<tr>
<td style="width: 200px;">IBM Business Process Manager</td>
<td style="width: 370px;">V8.6</td>
</tr>
</tbody>
</table>
</p>
<p> Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: <a href=https://www.ibm.com/support/pages/node/6359463> https://www.ibm.com/support/pages/node/6359463</a> </p>
<p>The post <a rel="nofollow" href="https://www.ibm.com/blogs/psirt/security-bulletin-information-disclosure-and-denial-of-service-vulnerability-affect-ibm-business-automation-workflow-and-ibm-business-process-manager-bpm-cve-2020-4794/">Security Bulletin: Information disclosure and Denial of Service vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) – CVE-2020-4794</a> appeared first on <a rel="nofollow" href="https://www.ibm.com/blogs/psirt">IBM PSIRT Blog</a>.</p>
