What vulnerability was discovered in IBM's Business Automation Workflow software?

The vulnerability, tracked as CVE-2021-23450, is a critical issue caused by an outdated version of the Dojo JavaScript library in IBM's Business Automation Workflow software. This flaw, with a CVSS score of 9.8, allows for arbitrary code injection and had remained unpatched in certain versions of the software.

Which versions of IBM Business Automation Workflow are affected by CVE-2021-23450?

The affected versions include containerized versions 20.0.0.x, 21.0.x, 22.0.x, 23.0.x, and traditional versions from 18 through 23. IBM has released patches and recommendations to address the vulnerability.

What actions should users take to mitigate the CVE-2021-23450 vulnerability?

IBM recommends the following updates to mitigate this vulnerability: 1. **Containerized Versions (20.0.0.x, 21.0.x, 22.0.x, 23.0.x):** Upgrade to either version 21.0.3-IF037 or the latest version 24.0.0-IF003. 2. **Traditional Version (21.0.3.1):** Apply hotfix DT394647. 3. **Traditional Versions (18 through 23):** IBM advises replacing these older environments to fully mitigate the vulnerability.

Why is updating IBM Business Automation Workflow important for CVE-2021-23450?

Updating is essential because CVE-2021-23450 is a critical vulnerability with a CVSS score of 9.8. If unpatched, it allows arbitrary code injection, posing significant security risks to affected systems. IBM's recent patch ensures that these security risks are mitigated.

How does IBM suggest users handle traditional versions of Business Automation Workflow from 18 through 23?

IBM recommends replacing traditional versions 18 through 23 of Business Automation Workflow with newer environments to ensure comprehensive mitigation of the CVE-2021-23450 vulnerability.

Advisory

IBM addresses long-standing critical flaw in Business Automation Workflow

published: Oct. 31, 2024

Take action: If you are running IBM Business Automation Workflow, time to prepare this for the next patching round. As the flaw has been around for years, it's not as if it's going to be attacked immediately. But give it a couple of months and there will be exploits. So run the regular patch and don't ignore this.

Learn More

IBM has addressed a long-standing critical vulnerability in its Business Automation Workflow software, caused by an outdated version of the Dojo JavaScript library.

The vulnerability, tracked as CVE-2021-23450 (CVSS score 9.8) allowed for arbitrary code injection and had remained unpatched in certain versions of the software until now.

The Dojo library vulnerability was first identified in 2021, and IBM had initially warned users about the potential risk, listing Business Automation Workflow as an impacted product. IBM has now released a comprehensive fix for both traditional and containerized versions of the software.

To mitigate this security risk, IBM advises the following updates:

Containerized Versions (20.0.0.x, 21.0.x, 22.0.x, 23.0.x): Upgrade to either version 21.0.3-IF037 or the latest version 24.0.0-IF003.
Traditional Version (21.0.3.1): Apply hotfix DT394647.
Traditional Versions (18 through 23): IBM recommends replacing these older environments to ensure full mitigation.

IBM addresses long-standing critical flaw in Business Automation Workflow

Read More
SAP releases December 2024 patches for 16 flaws, …
NetSupport Manager Zero-Day Flaws Enable Unauthenticated Remote Code …
Researchers report flaws in Securden Unified PAM, at …
Critical authentication bypass vulnerability reported in Apache Pinot
Critical vulnerability reported in Veritas Arctera InfoScale