Multiple vulnerabilities in IBM Business Automation Manager Open Editions



Risk: High
Patch available: YES
Number of vulnerabilities: 19
CVE-ID: CVE-2021-3757, CVE-2020-28477, CVE-2022-21363, CVE-2022-23913, CVE-2020-7746, CVE-2022-23437, CVE-2022-31129, CVE-2022-24772, CVE-2022-2458, CVE-2022-1365, CVE-2020-36518, CVE-2022-24771, CVE-2022-0722, CVE-2021-23436, CVE-2022-0235, CVE-2022-26520, CVE-2021-44906, CVE-2022-24785, CVE-2022-1650, CVE-2022-21724
CWE-ID: CWE-94, CWE-20, CWE-400, CWE-835, CWE-185, CWE-347, CWE-611, CWE-863, CWE-787, CWE-200, CWE-22, CWE-665
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #18 is available.
Vulnerable software: IBM Business Automation Manager Open Editions (Other software / Other software solutions)

Vendor: IBM Corporation

Security Bulletin

This security bulletin contains information about 19 vulnerabilities.

1) Prototype pollution

EUVDB-ID: #VU57215

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3757,CVE-2020-28477

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request to the application and perform prototype pollution.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU59737

Risk: Medium

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21363

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote privileged user to execute arbitrary code.

The vulnerability exists due to improper input validation within the Connector/J component in MySQL Connectors. A remote privileged user can exploit this vulnerability to execute arbitrary code.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Resource exhaustion

EUVDB-ID: #VU60303

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23913

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU60879

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-7746

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to Prototype Pollution in the "options" parameter. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Infinite loop

EUVDB-ID: #VU59965

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23437

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an infinite loop when parsing XML documents. A remote attacker can supply a specially crafted XML document, consume all available system resources and cause denial of service conditions.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Incorrect Regular Expression

EUVDB-ID: #VU65835

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-31129

CWE-ID: CWE-185 - Incorrect Regular Expression

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when parsing overly long strings. A remote attacker can pass a string that contains more than 10k characters and perform a regular expression denial of service (ReDoS) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU66758

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24772

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to incorrect RSA PKCS#1 v1.5 signature verification caused by a missing check for trailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. A remote attacker can forge a signature and perform a man-in-the-middle (MitM) attack.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) XML External Entity injection

EUVDB-ID: #VU67949

Risk: High

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-2458

CWE-ID: CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied XML input within the Business Central and Kie-Server APIs. A remote attacker can pass specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary files on the server or perform network scanning of internal and external infrastructure.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Incorrect authorization

EUVDB-ID: #VU66071

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-1365

CWE-ID: CWE-863 - Incorrect Authorization

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to exposure of sensitive information caused by insecure following of redirects. A remote attacker can force the application to redirect to a malicious website and gain access to the authorization cookie.


Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds write

EUVDB-ID: #VU61799

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-36518

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing untrusted input. A remote attacker can trigger out-of-bounds write and cause a denial of service condition on the target system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU65749

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24771

CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to improper signature verification when checking the digestAlgorithm structure. A remote unauthenticated attacker can use a specially crafted structure to steal padding bytes and use the unchecked portion of the PKCS#1 encoded message to exploit this vulnerability and forge a signature when a low public exponent is being used.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Information disclosure

EUVDB-ID: #VU67937

Risk: Low

CVSSv3.1: 2.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0722

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to cookies from another domain.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Prototype pollution

EUVDB-ID: #VU57216

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-23436

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can send a specially crafted request to the application and perform prototype pollution.

Note: the vulnerability exists due to an incomplete fix for #VU57215.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information disclosure

EUVDB-ID: #VU61471

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-0235

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the application follows the "Location" HTTP header redirect and passes the authorization cookie to a third-party resource. A remote attacker can gain access to sensitive information.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU62716

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-26520

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to create arbitrary files on the system.

The vulnerability exists due to insufficient validation of user-supplied input when handling a JDBC URL or its properties. A remote attacker can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties.

Successful exploitation of the vulnerability may allow an attacker to create an arbitrary executable JSP file under a Tomcat web root.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Resource exhaustion

EUVDB-ID: #VU64030

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-44906

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
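
The prototype pollution entries in this bulletin (#1, #4, #13 and #16) share one root cause: untrusted keys such as `__proto__` or `constructor` used as property names while merging input into an object. As an added example (not code from IBM or from the affected libraries), the sketch below shows a merge that refuses those keys and a helper that reports them in a parsed request body; the function names and the sample body are constructed for illustration.

```javascript
// Keys that lead to Object.prototype when used as a property-path segment.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Walk JSON-parsed input and return the dotted path of every forbidden key,
// so the request can be rejected or logged before any merge happens.
function findPollutionKeys(value, path = [], hits = []) {
  if (Array.isArray(value)) {
    value.forEach((item, i) => findPollutionKeys(item, path.concat(String(i)), hits));
  } else if (value !== null && typeof value === 'object') {
    for (const key of Object.getOwnPropertyNames(value)) {
      const here = path.concat(key);
      if (FORBIDDEN_KEYS.has(key)) hits.push(here.join('.'));
      // Read through the descriptor so an own "__proto__" data property is
      // treated as data and the prototype accessor is never invoked.
      const desc = Object.getOwnPropertyDescriptor(value, key);
      findPollutionKeys(desc ? desc.value : undefined, here, hits);
    }
  }
  return hits;
}

// Deep merge that never follows or assigns a forbidden key and only recurses
// into properties the target itself owns (never inherited ones).
// Arrays and other non-plain values are assigned by reference.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue; // drop the key, never assign it
    const incoming = source[key];
    if (isPlainObject(incoming)) {
      const ownsObject =
        Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key]);
      target[key] = safeMerge(ownsObject ? target[key] : {}, incoming);
    } else {
      target[key] = incoming;
    }
  }
  return target;
}

// Constructed sample request body (illustrative only, not from the bulletin).
const SAMPLE_BODY =
  '{"name":"report","options":{"__proto__":{"isAdmin":true}},' +
  '"constructor":{"prototype":{"debug":true}}}';

function demo() {
  const parsed = JSON.parse(SAMPLE_BODY);
  const hits = findPollutionKeys(parsed);
  const merged = safeMerge({ options: { depth: 1 } }, parsed);
  // A fresh object must not have inherited anything from the sample body.
  const polluted = ({}).isAdmin !== undefined || ({}).debug !== undefined;
  return { hits, merged, polluted };
}

console.log(demo());
```

Dropping the three keys also discards legitimate data that happens to use those names; rejecting any request for which `findPollutionKeys` returns a non-empty list is the stricter option.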

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Path traversal

EUVDB-ID: #VU62463

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24785

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences within the npm version of Moment.js. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Information disclosure

EUVDB-ID: #VU63777

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2022-1650

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

19) Improper initialization

EUVDB-ID: #VU62714

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-21724

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to improper initialization in the pgjdbc driver when handling an attacker-controlled URL in connection properties, as the driver does not verify whether the class implements the expected interface before instantiating it. A remote attacker can pass a specially crafted URL to the affected application and execute arbitrary code on the system.

Mitigation

Install update from vendor's website.

Vulnerable software versions

IBM Business Automation Manager Open Editions: 8.0.0

External links

http://www.ibm.com/blogs/psirt/security-bulletin-multiple-security-vulnerabilities-are-addressed-with-ibm-business-automation-manager-open-editions-8-0-1/
http://www.ibm.com/support/pages/node/6832944


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


