Rewterz Threat Advisory – CVE-2020-4557 – IBM Business Automation Workflow Cross-Site Scripting Vulnerability

Severity

Medium

Analysis Summary

IBM Business Automation Workflow and IBM Business Process Manager are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.


Impact

Cross-site scripting

Affected Vendors

IBM

Affected Products

  • IBM Business Process Manager 8.5
  • IBM Business Process Manager 8.6
  • IBM Business Automation Workflow 18.0
  • IBM Business Automation Workflow 19.0
  • IBM Business Automation Workflow 20.0

Remediation

Refer to IBM Security Bulletin 6241338 for patch, upgrade or suggested workaround information. 

https://www.ibm.com/support/pages/node/6241338?cm_mc_uid=37426781036015897828334&cm_mc_sid_50200000=10751201593494077447