Rewterz Threat Advisory – Multiple Node.js Vulnerabilities
March 21, 2022
Rewterz Threat Advisory – ICS: Johnson Controls Metasys ADS/ADX/OAS Servers Vulnerability
March 21, 2022
Severity
Medium
Analysis Summary
CVE-2021-39046
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 store user credentials in plain text, which can be read by a privileged user.
CVE-2021-29899
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service.
Impact
- Information Disclosure
- Denial of Service
Indicator Of Compromise
CVE
- CVE-2021-39046
- CVE-2021-29899
Affected Vendors
IBM
Affected Products
- IBM Business Process Manager 8.5
- IBM Business Process Manager 8.6
- IBM Business Automation Workflow 18.0.0.0
- IBM Business Automation Workflow 18.0.0.1
- IBM Engineering Requirements Quality Assistant On-Premises
Remediation
Refer to IBM Security Advisory for patch, upgrade, or suggested workaround information.