Lucene search

IBM26ECC590134B48078298CA8EE74BA6F6B00BADA9DA277A8A274BD98483D4F4F0

HistoryApr 17, 2024 - 5:17 p.m.

Security Bulletin: A vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Buinses Automation Workflow (CVE-2024-22329)

2024-04-1717:17:20

www.ibm.com

ibm

websphere

application server

business automation workflow

vulnerability

security bulletin

ibm websphere

traditional

enterprise service bus

affected products

versions

remediation

fixes

server-side request forgery

cve-2024-22329

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.7%

JSON

Summary

WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin.

Vulnerability Details

Refer to the security bulletin(s) listed in the Remediation/Fixes section

Affected Products and Versions

Affected Product(s)	Version(s)	Status
IBM Business Automation Workflow traditional	V23.0.1 - V23.0.2
V22.0.1 - v22.0.2
V21.0.1 - V21.0.3.1
V20.0.0.1 - V20.0.0.2
V19.0.0.1 - V19.0.0.3
V18.0.0.0 - V18.0.0.2	Affected	Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.
IBM Business Automation Workflow Enterprise Service Bus	V23.0.1 - V23.0.2
V22.0.2	Affected	Cumulative Fixes cannot automatically install interim fixes for the base Application Server. It is important to follow the complete installation instructions and manually ensure that recommended security fixes are installed.

For earlier and unsupported versions of the products, IBM recommends upgrading to a fixed, supported version of the product.

Remediation/Fixes

Please consult the Security Bulletin: IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery (CVE-2024-22329) for vulnerability details and information about fixes.

Workarounds and Mitigations

None

CPENameOperatorVersion
ibm business automation workfloweq18.0.0.0
ibm business automation workfloweq18.0.0.1
ibm business automation workfloweq18.0.0.2
ibm business automation workfloweq19.0.0.1
ibm business automation workfloweq19.0.0.2
ibm business automation workfloweq19.0.0.3
ibm business automation workfloweq20.0.0.1
ibm business automation workfloweq20.0.0.2
ibm business automation workfloweq21.0.2
ibm business automation workfloweq21.0.3

Name	Operator	Version
ibm business automation workflow	eq	18.0.0.0
ibm business automation workflow	eq	18.0.0.1
ibm business automation workflow	eq	18.0.0.2
ibm business automation workflow	eq	19.0.0.1
ibm business automation workflow	eq	19.0.0.2
ibm business automation workflow	eq	19.0.0.3
ibm business automation workflow	eq	20.0.0.1
ibm business automation workflow	eq	20.0.0.2
ibm business automation workflow	eq	21.0.2
ibm business automation workflow	eq	21.0.3

Rows per page:

1-10 of 131