Summary: The security bulletin addresses multiple vulnerabilities with IBM Cloud Pak for Business Automation iFixes for April 2022. Vulnerability Details: - CVE-2021-39038: Clickjacking vulnerability in IBM WebSphere Application Server and Liberty. CVSS Base score: 4.4, CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N) - CVE-2022-0536: Sensitive information leak via follow redirects in Node.js. CVSS Base score: 2.6, CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N) - Additional Vulnerabilities: The bulletin lists several other vulnerabilities including information leaks, cross-site scripting, and unspecified vulnerabilities in various components. Affected Products and Versions: - IBM Cloud Pak for Business Automation (multiple versions affected) Remediation/Fixes: Apply the April 2022 security fix for affected versions. Document Information: - Software versions: 18.0.0, 18.0.1, 18.0.2, 219.0.1, 19.0.2, 19.0.3, 200.1, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3 - Document number: 6578583 - Modified date: 29 April 2022