Rewterz Threat Advisory – CVE-2020-2021 – Palo Alto Authentication Bypass in SAML Authentication
June 29, 2020Rewterz Threat Alert – Agent Tesla Malware – IOCs
June 30, 2020Rewterz Threat Advisory – CVE-2020-2021 – Palo Alto Authentication Bypass in SAML Authentication
June 29, 2020Rewterz Threat Alert – Agent Tesla Malware – IOCs
June 30, 2020Severity
Medium
Analysis Summary
IBM Business Automation Workflow and IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Impact
Cross-site scripting
Affected Vendors
IBM
Affected Products
- IBM Business Process Manager 8.5
- IBM Business Process Manager 8.6
- IBM Business Automation Workflow 18.0
- IBM Business Automation Workflow 19.0
- IBM Business Automation Workflow 20.0
Remediation
Refer to IBM Security Bulletin 6241338 for patch, upgrade or suggested workaround information.