IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager

There are multiple vulnerabilities in IBM® Runtime Environment Java Versions 6 and 7 used by the desktop version of IBM Process Designer. IBM Process Designer has addressed the applicable CVEs.

CVE(s): CVE-2019-2602, CVE-2019-2684

Affected product(s) and affected version(s):
IBM Business Automation Workflow 18.0.0.1, 18.0.0.2, 19.0.0.1
IBM Business Process Manager 8.6.0.0 – 8.6.0.0 CF2018.03
IBM Business Process Manager 8.5.7 – 8.5.7 CF2017.06
IBM Business Process Manager 8.5.6.0 – 8.5.6.0 CF02
IBM Business Process Manager 8.5.5.0
IBM Business Process Manager 8.5.0.0 – 8.5.0.2
IBM Business Process Manager 8.0.0.0 – 8.0.1.3
IBM Business Process Manager 7.5.0.0 – 7.5.1.2

Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10884048
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159698
X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/159776

The post IBM Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect IBM Process Designer used in IBM Business Automation Workflow and IBM Business Process Manager appeared first on IBM PSIRT Blog.

from IBM Product Security Incident Response Team https://ibm.co/2MiiltE