CVE-2022-22361

Name of the Vulnerable Software and Affected Versions IBM Business Automation Workflow traditional versions 21.0.1 through 21.0.3 IBM Business Automation Workflow traditional versions 20.0.0.1 through 20.0.0.2 IBM Business Automation Workflow traditional versions 19.0.0.1 through 19.0.0.3 IBM Business Automation Workflow traditional versions 18.0.0.0 through 18.0.0.1 IBM Business Automation Workflow containers versions 21.0.1 through 21.0.3 IBM Business Automation Workflow containers versions 20.0.0.1 through 20.0.0.2 IBM Business Process Manager versions 8.6.0.0 through 8.6.0.201803 IBM Business Process Manager versions 8.5.0.0 through 8.5.0.201706

Description The issue is related to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Recommendations For IBM Business Automation Workflow traditional versions 21.0.1 through 21.0.3, update to a version outside of this range to resolve the issue. For IBM Business Automation Workflow traditional versions 20.0.0.1 through 20.0.0.2, update to a version outside of this range to resolve the issue. For IBM Business Automation Workflow traditional versions 19.0.0.1 through 19.0.0.3, update to a version outside of this range to resolve the issue. For IBM Business Automation Workflow traditional versions 18.0.0.0 through 18.0.0.1, update to a version outside of this range to resolve the issue. For IBM Business Automation Workflow containers versions 21.0.1 through 21.0.3, update to a version outside of this range to resolve the issue. For IBM Business Automation Workflow containers versions 20.0.0.1 through 20.0.0.2, update to a version outside of this range to resolve the issue. For IBM Business Process Manager versions 8.6.0.0 through 8.6.0.201803, update to a version outside of this range to resolve the issue. For IBM Business Process Manager versions 8.5.0.0 through 8.5.0.201706, update to a version outside of this range to resolve the issue.