144 vulnerabilities found for business_automation_workflow by ibm
FKIE_CVE-2025-1495
Vulnerability from fkie_nvd - Published: 2025-05-03 17:15 - Updated: 2025-08-14 01:52
Severity ?
Summary
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7232434 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | business_automation_workflow | 24.0.1 | |
| ibm | business_automation_workflow | 24.0.1 | |
| ibm | business_automation_workflow | 24.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "97545315-79AD-4FFC-8275-DAD2C79908ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:-:*:*:containers:*:*:*",
"matchCriteriaId": "D5D9EC44-05CE-44FA-AFDE-A4FA326A54F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:interim_fix_001:*:*:containers:*:*:*",
"matchCriteriaId": "5A2BA712-EBF8-4111-A32E-43BDCE85E5E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
},
{
"lang": "es",
"value": "IBM Business Automation Workflow 24.0.0 y 24.0.1 a 24.0.1 IF001 Center puede filtrar informaci\u00f3n confidencial debido a la falta de validaci\u00f3n de autorizaci\u00f3n."
}
],
"id": "CVE-2025-1495",
"lastModified": "2025-08-14T01:52:35.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
},
"published": "2025-05-03T17:15:44.767",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7232434"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-306"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2024-54179
Vulnerability from fkie_nvd - Published: 2025-03-03 14:15 - Updated: 2025-08-18 18:21
Severity ?
Summary
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7184647 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | business_automation_workflow | * | |
| ibm | business_automation_workflow | 24.0.0 | |
| ibm | business_automation_workflow | 24.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "7A30F6DC-96E1-4131-A016-0E3609C576C5",
"versionEndIncluding": "24.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:enterprise_service_bus:*:*:*",
"matchCriteriaId": "3FF1F044-0426-4F6A-8BDC-66E11912C298",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:enterprise_service_bus:*:*:*",
"matchCriteriaId": "7F178C61-DBCD-4D15-82FE-5FD4F28537D2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
},
{
"lang": "es",
"value": "IBM Business Automation Workflow e IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 y versiones anteriores no admitidas son vulnerables a ataques de cross-site scripting. Esta vulnerabilidad permite que un usuario autenticado incorpore c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, lo que altera la funcionalidad prevista y puede provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza."
}
],
"id": "CVE-2024-54179",
"lastModified": "2025-08-18T18:21:11.817",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
},
"published": "2025-03-03T14:15:33.960",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7184647"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-43188
Vulnerability from fkie_nvd - Published: 2024-09-18 12:15 - Updated: 2024-09-29 00:24
Severity ?
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
4.9 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Summary
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7168769 | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | business_automation_workflow | * | |
| ibm | business_automation_workflow | * | |
| ibm | business_automation_workflow | * | |
| ibm | business_automation_workflow | 20.0.0.1 | |
| ibm | business_automation_workflow | 20.0.0.2 | |
| ibm | business_automation_workflow | 22.0.1 | |
| ibm | business_automation_workflow | 22.0.2 | |
| ibm | business_automation_workflow | 23.0.1 | |
| ibm | business_automation_workflow | 23.0.2 | |
| ibm | business_automation_workflow | 24.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "F74D99AD-0570-49B3-9B0D-6F28FA9564B4",
"versionEndIncluding": "18.0.0.3",
"versionStartIncluding": "18.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "DB90C98C-7A38-4B9B-878C-028DD872D19C",
"versionEndIncluding": "19.0.0.3",
"versionStartIncluding": "19.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "47064639-B3A7-4F99-8823-40D2C9FE3C1A",
"versionEndIncluding": "21.0.3.1",
"versionStartIncluding": "21.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "D36329EB-4317-4AB1-85FA-4E23F185C179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C7FDEC2-CBE3-4C5B-917D-37F2612018FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C6D1E72-FC9F-4A0A-8E80-A3CA8CB0EDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "DFB13BEC-206E-41B3-A4F3-9281EBB0E213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "F7C0BC37-0F42-463F-B2E4-F2B3D3958314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "7E9F20F6-4D3B-4AD6-9F6B-E145598FFEE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*",
"matchCriteriaId": "95CE7462-D6B6-41AE-BD90-E2D65E0318A3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Business Automation Workflow \n\n22.0.2, 23.0.1, 23.0.2, and 24.0.0\n\ncould allow a privileged user to perform unauthorized activities due to improper client side validation."
},
{
"lang": "es",
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2 y 24.0.0 podr\u00edan permitir que un usuario privilegiado realice actividades no autorizadas debido a una validaci\u00f3n incorrecta del lado del cliente."
}
],
"id": "CVE-2024-43188",
"lastModified": "2024-09-29T00:24:49.103",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-09-18T12:15:02.867",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7168769"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-602"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-38321
Vulnerability from fkie_nvd - Published: 2024-08-03 14:15 - Updated: 2024-09-06 14:50
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
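IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. (Note: the X-Force reference URL listed for this entry carries the ID 294868, which does not match the ID stated here, and that link is tagged Broken Link; the vendor advisory is the other listed reference.)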
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/294868 | Broken Link |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7162334 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:containers:*:*:*",
"matchCriteriaId": "AEB1C9C9-69C0-41CA-8FE8-9E2C142DC112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:containers:*:*:*",
"matchCriteriaId": "B9C41C12-BD6B-4E49-9BA4-288524FF55C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:*:*:*:containers:*:*:*",
"matchCriteriaId": "9FDDD905-95EA-4DCC-B359-7E6DAEFC537D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:-:*:*:containers:*:*:*",
"matchCriteriaId": "12725407-1B9F-43B7-8D66-F0E3B0181830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:containers:*:*:*",
"matchCriteriaId": "00F5E82D-712A-4AB2-B0B2-BF03507D17D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:containers:*:*:*",
"matchCriteriaId": "0063E78F-2978-43F6-884D-B375E1111E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:containers:*:*:*",
"matchCriteriaId": "CF6317BE-98DF-4A46-9F5B-326177D6AD68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:containers:*:*:*",
"matchCriteriaId": "72A22C4B-AAF2-4A84-AF39-C1C396031D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:containers:*:*:*",
"matchCriteriaId": "39015A02-D36E-4CC9-A5E3-877DFD923ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:containers:*:*:*",
"matchCriteriaId": "19586E74-8802-4C09-A240-D698EE30C570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if010:*:*:containers:*:*:*",
"matchCriteriaId": "4B06D109-E327-4A2A-9FC9-A5F454022C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if011:*:*:containers:*:*:*",
"matchCriteriaId": "E67BEF93-133E-4507-B938-79D943AB82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if012:*:*:containers:*:*:*",
"matchCriteriaId": "84689E35-3C11-44D2-B719-0F47CC7DE6B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if013:*:*:containers:*:*:*",
"matchCriteriaId": "05248E0A-BE7C-4AA1-80B8-5397382D742E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if014:*:*:containers:*:*:*",
"matchCriteriaId": "0852419C-62F1-49BA-BD99-96700D33ED64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if015:*:*:containers:*:*:*",
"matchCriteriaId": "628B7F15-103F-4B84-90ED-EBFAD633BCE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if016:*:*:containers:*:*:*",
"matchCriteriaId": "91E22A7B-18F4-461C-9986-0CECBAB879F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if017:*:*:containers:*:*:*",
"matchCriteriaId": "4FE832E4-BE4B-4923-A98D-3B127758C103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if028:*:*:containers:*:*:*",
"matchCriteriaId": "EE7E0724-C7FB-4436-A702-EC2102205175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if029:*:*:containers:*:*:*",
"matchCriteriaId": "40505E62-F229-45B5-8D22-30487471477C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if030:*:*:containers:*:*:*",
"matchCriteriaId": "D8E150F5-F27C-471C-A911-C2CC07E31EBD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if031:*:*:containers:*:*:*",
"matchCriteriaId": "3F8FA6E0-01CF-458A-8AD3-3388BBA4FE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if032:*:*:containers:*:*:*",
"matchCriteriaId": "2CAF9596-964B-4E58-BB9D-07138F4566F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if033:*:*:containers:*:*:*",
"matchCriteriaId": "08853431-59B4-4730-88E3-812DF7B6691B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if034:*:*:containers:*:*:*",
"matchCriteriaId": "1BDB3D3C-1964-42F1-8035-2B4F2752E535",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:containers:*:*:*",
"matchCriteriaId": "A157A0AD-B1AB-4FBB-AD00-348ADAE52173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:containers:*:*:*",
"matchCriteriaId": "F2F5CF83-2F00-476D-BA79-5BD0AF71D929",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:containers:*:*:*",
"matchCriteriaId": "AC67163F-742E-46BC-BF63-75F15F8D2DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:containers:*:*:*",
"matchCriteriaId": "A99644F1-3E98-4156-B155-7FA642EA7BBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "DB90C98C-7A38-4B9B-878C-028DD872D19C",
"versionEndIncluding": "19.0.0.3",
"versionStartIncluding": "19.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "1FD8E8F7-6B5F-4A21-90AF-483A8DFE4CFA",
"versionEndIncluding": "20.0.0.2",
"versionStartIncluding": "20.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "07308147-9441-4231-9BC0-231C3181F255",
"versionEndIncluding": "21.0.3.0",
"versionStartIncluding": "21.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "5CA224F7-AF29-4F8C-BD70-E9C0A7A2B366",
"versionEndIncluding": "22.0.2",
"versionStartIncluding": "22.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "A510FD89-9F92-4514-A706-52719EDC59E0",
"versionEndIncluding": "23.0.2",
"versionStartIncluding": "23.0.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:enterprise_service_bus:*:*:*",
"matchCriteriaId": "981B50AE-8B79-4E39-87AA-34DFA93B607A",
"versionEndIncluding": "23.0.2",
"versionStartIncluding": "23.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:enterprise_service_bus:*:*:*",
"matchCriteriaId": "3E9B8E36-CA86-459C-A0CF-F00F179119FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868."
},
{
"lang": "es",
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2 y 24.0.0 almacena informaci\u00f3n potencialmente confidencial en archivos de registro en determinadas situaciones que un usuario autenticado podr\u00eda leer. ID de IBM X-Force: 284868."
}
],
"id": "CVE-2024-38321",
"lastModified": "2024-09-06T14:50:53.583",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-08-03T14:15:48.013",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294868"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7162334"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-532"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-50947
Vulnerability from fkie_nvd - Published: 2024-02-04 01:15 - Updated: 2024-11-21 08:37
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.
References
| Source | URL | Tags |
|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/275665 | VDB Entry, Vendor Advisory |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7114419 | Vendor Advisory |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/7114430 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/275665 | VDB Entry, Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7114419 | Vendor Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/7114430 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "DB90C98C-7A38-4B9B-878C-028DD872D19C",
"versionEndIncluding": "19.0.0.3",
"versionStartIncluding": "19.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "47064639-B3A7-4F99-8823-40D2C9FE3C1A",
"versionEndIncluding": "21.0.3.1",
"versionStartIncluding": "21.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:-:*:*:*",
"matchCriteriaId": "EA4F72CF-1AE0-4B3B-BD23-4BFB086C843D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "D36329EB-4317-4AB1-85FA-4E23F185C179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:-:*:*:*",
"matchCriteriaId": "97316AAE-CB3C-4091-8A36-8FBF050E5B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C7FDEC2-CBE3-4C5B-917D-37F2612018FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:*:*:*:-:*:*:*",
"matchCriteriaId": "CEC71A77-3C31-4362-BAF4-A47ED694F73B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:-:*:*:containers:*:*:*",
"matchCriteriaId": "12725407-1B9F-43B7-8D66-F0E3B0181830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:containers:*:*:*",
"matchCriteriaId": "00F5E82D-712A-4AB2-B0B2-BF03507D17D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:containers:*:*:*",
"matchCriteriaId": "0063E78F-2978-43F6-884D-B375E1111E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:containers:*:*:*",
"matchCriteriaId": "CF6317BE-98DF-4A46-9F5B-326177D6AD68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:containers:*:*:*",
"matchCriteriaId": "72A22C4B-AAF2-4A84-AF39-C1C396031D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:containers:*:*:*",
"matchCriteriaId": "39015A02-D36E-4CC9-A5E3-877DFD923ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:containers:*:*:*",
"matchCriteriaId": "19586E74-8802-4C09-A240-D698EE30C570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if010:*:*:containers:*:*:*",
"matchCriteriaId": "4B06D109-E327-4A2A-9FC9-A5F454022C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if011:*:*:containers:*:*:*",
"matchCriteriaId": "E67BEF93-133E-4507-B938-79D943AB82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if012:*:*:containers:*:*:*",
"matchCriteriaId": "84689E35-3C11-44D2-B719-0F47CC7DE6B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if013:*:*:containers:*:*:*",
"matchCriteriaId": "05248E0A-BE7C-4AA1-80B8-5397382D742E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if014:*:*:containers:*:*:*",
"matchCriteriaId": "0852419C-62F1-49BA-BD99-96700D33ED64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if015:*:*:containers:*:*:*",
"matchCriteriaId": "628B7F15-103F-4B84-90ED-EBFAD633BCE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if016:*:*:containers:*:*:*",
"matchCriteriaId": "91E22A7B-18F4-461C-9986-0CECBAB879F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if017:*:*:containers:*:*:*",
"matchCriteriaId": "4FE832E4-BE4B-4923-A98D-3B127758C103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if028:*:*:containers:*:*:*",
"matchCriteriaId": "EE7E0724-C7FB-4436-A702-EC2102205175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:-:*:*:*",
"matchCriteriaId": "4052CAAA-1247-468F-A528-2DAC2F0C745B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C6D1E72-FC9F-4A0A-8E80-A3CA8CB0EDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:*",
"matchCriteriaId": "96E5413A-7C63-4066-ADB9-B7A30095D457",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:enterprise_service_bus:*:*:*",
"matchCriteriaId": "3E9B8E36-CA86-459C-A0CF-F00F179119FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "DFB13BEC-206E-41B3-A4F3-9281EBB0E213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:*",
"matchCriteriaId": "827165FB-FCB2-4684-BFC5-D9560BD7FC03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:enterprise_service_bus:*:*:*",
"matchCriteriaId": "7EDE5FAA-6843-486D-BEAA-A82E088A2A74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "F7C0BC37-0F42-463F-B2E4-F2B3D3958314",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:enterprise_service_bus:*:*:*",
"matchCriteriaId": "4283CF30-9B92-4E28-8878-9AF0AAAF24D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "716DF694-558C-4115-B70E-E434602BA933",
"versionEndIncluding": "18.0.2",
"versionStartIncluding": "18.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00B3BADE-C2D9-40BC-BAD0-39FCA9FC563B",
"versionEndIncluding": "19.0.3",
"versionStartIncluding": "19.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F99EDA35-605B-4AC3-AFFA-F6507F1DD8E5",
"versionEndIncluding": "20.0.3",
"versionStartIncluding": "20.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0413501D-975D-469E-A854-61E12039A8D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "A8D6EB68-3804-494D-B12A-2E96E31D1B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "21D8DE68-5651-4068-B978-79B28F2DC5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "BBEA972A-A41E-44C9-8D35-1A991D3384B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "D3009F4E-7157-43D3-B6A0-2531CDE619BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "1DA97C23-9B80-4956-9873-317902A0D804",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "1D0B6203-C775-4C5E-BAE9-C956E718F261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_006:*:*:*:*:*:*",
"matchCriteriaId": "257A7A17-7EDF-4E23-88A6-216BC29EC467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_007:*:*:*:*:*:*",
"matchCriteriaId": "26FF217B-1BD4-46E5-8023-2B2989FF7868",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_008:*:*:*:*:*:*",
"matchCriteriaId": "C60E58EA-C4D5-4D4D-8C9B-3EC33A7027E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_009:*:*:*:*:*:*",
"matchCriteriaId": "7817670E-5649-42A9-B5F9-7586D7AEB4CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_010:*:*:*:*:*:*",
"matchCriteriaId": "FC7F85E8-8185-418A-B25F-8E64A58177DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_011:*:*:*:*:*:*",
"matchCriteriaId": "37616DCD-C26C-44EA-AA7F-732DC128FFE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_012:*:*:*:*:*:*",
"matchCriteriaId": "26CAC076-6FED-49E2-BF33-230F1D1195F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_013:*:*:*:*:*:*",
"matchCriteriaId": "5A88C56C-22CC-4791-BB33-C1494E7F41EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_014:*:*:*:*:*:*",
"matchCriteriaId": "12652B2E-307E-4568-920B-A869914ED650",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_015:*:*:*:*:*:*",
"matchCriteriaId": "8F4E242F-BDF4-4CFE-B808-4A4B7A6FAD0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_016:*:*:*:*:*:*",
"matchCriteriaId": "88E736CF-CA6E-400B-9AE3-2C58D2265752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_017:*:*:*:*:*:*",
"matchCriteriaId": "02488B2F-8D6E-4BDC-8DA9-45F5EBC42049",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_018:*:*:*:*:*:*",
"matchCriteriaId": "854F4AF8-B712-446E-9DE1-A2496D5E9C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_019:*:*:*:*:*:*",
"matchCriteriaId": "CF3F1B62-089B-41ED-AD3E-F31F8E967F18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_020:*:*:*:*:*:*",
"matchCriteriaId": "ABB843C3-F26D-43A5-AD3E-9D30D00339D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_021:*:*:*:*:*:*",
"matchCriteriaId": "42A67A28-CBF1-4C37-A217-F4789ED1850E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_022:*:*:*:*:*:*",
"matchCriteriaId": "BFEF1033-B100-400A-9B2B-94AEE3A7B94A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_023:*:*:*:*:*:*",
"matchCriteriaId": "5F109F93-1CE8-4F86-9070-73012ED0FE79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_024:*:*:*:*:*:*",
"matchCriteriaId": "6CC66606-EE8D-4273-832A-4A0391B5DBAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_025:*:*:*:*:*:*",
"matchCriteriaId": "8CEF57DE-61D6-41E6-8C34-06A1F859F9AD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_026:*:*:*:*:*:*",
"matchCriteriaId": "7C441A0C-5FE4-4F7A-8E88-85E198790D48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_028:*:*:*:*:*:*",
"matchCriteriaId": "9A6F6F2E-0ED8-4478-BFC5-92C736323A63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C35A26E3-D2F7-466C-9010-06AA76568A1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "59BF1F79-6E1E-49EE-8D8E-B524F040AA29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "684E6AB2-84C1-4700-B519-88D0C7D8D3CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "78EB3854-3AE9-4AD1-A511-21F02270DB4A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665."
},
{
"lang": "es",
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1 y 23.0.2 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 275665."
}
],
"id": "CVE-2023-50947",
"lastModified": "2024-11-21T08:37:35.167",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-02-04T01:15:25.040",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275665"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114419"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114430"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114430"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2023-24957
Vulnerability from fkie_nvd - Published: 2023-05-06 03:15 - Updated: 2025-01-29 16:15
Severity
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115.
References
| Source | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/246115 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6965776 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/246115 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6965776 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:*:*:*:*",
"matchCriteriaId": "01362A8C-8482-4AEA-AF8C-62642B6BAD89",
"versionEndIncluding": "19.0.0.3",
"versionStartIncluding": "19.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:containers:*:*:*",
"matchCriteriaId": "D2E08C00-5E88-4A99-BC1C-04717E6F458A",
"versionEndExcluding": "21.0.3",
"versionStartIncluding": "20.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "47064639-B3A7-4F99-8823-40D2C9FE3C1A",
"versionEndIncluding": "21.0.3.1",
"versionStartIncluding": "21.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:containers:*:*:*",
"matchCriteriaId": "C2916CA1-8020-46D6-B114-E63066EB6972",
"versionEndExcluding": "22.0.2",
"versionStartIncluding": "22.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.0.0:*:*:*:-:*:*:*",
"matchCriteriaId": "F6ED3777-F79B-4A0E-8E25-6721C61B54F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.0.1:*:*:*:-:*:*:*",
"matchCriteriaId": "23520189-E725-45B1-8C21-4D7ECF32CA6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.0.2:*:*:*:-:*:*:*",
"matchCriteriaId": "329D772E-2E9B-408E-99C8-D80E44BAD5B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "D36329EB-4317-4AB1-85FA-4E23F185C179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C7FDEC2-CBE3-4C5B-917D-37F2612018FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:-:*:*:containers:*:*:*",
"matchCriteriaId": "12725407-1B9F-43B7-8D66-F0E3B0181830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:containers:*:*:*",
"matchCriteriaId": "00F5E82D-712A-4AB2-B0B2-BF03507D17D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:containers:*:*:*",
"matchCriteriaId": "0063E78F-2978-43F6-884D-B375E1111E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:containers:*:*:*",
"matchCriteriaId": "CF6317BE-98DF-4A46-9F5B-326177D6AD68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:containers:*:*:*",
"matchCriteriaId": "72A22C4B-AAF2-4A84-AF39-C1C396031D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:containers:*:*:*",
"matchCriteriaId": "39015A02-D36E-4CC9-A5E3-877DFD923ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:containers:*:*:*",
"matchCriteriaId": "19586E74-8802-4C09-A240-D698EE30C570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if010:*:*:containers:*:*:*",
"matchCriteriaId": "4B06D109-E327-4A2A-9FC9-A5F454022C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if011:*:*:containers:*:*:*",
"matchCriteriaId": "E67BEF93-133E-4507-B938-79D943AB82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if012:*:*:containers:*:*:*",
"matchCriteriaId": "84689E35-3C11-44D2-B719-0F47CC7DE6B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if013:*:*:containers:*:*:*",
"matchCriteriaId": "05248E0A-BE7C-4AA1-80B8-5397382D742E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if014:*:*:containers:*:*:*",
"matchCriteriaId": "0852419C-62F1-49BA-BD99-96700D33ED64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if015:*:*:containers:*:*:*",
"matchCriteriaId": "628B7F15-103F-4B84-90ED-EBFAD633BCE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if016:*:*:containers:*:*:*",
"matchCriteriaId": "91E22A7B-18F4-461C-9986-0CECBAB879F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if017:*:*:containers:*:*:*",
"matchCriteriaId": "4FE832E4-BE4B-4923-A98D-3B127758C103",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C6D1E72-FC9F-4A0A-8E80-A3CA8CB0EDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "DFB13BEC-206E-41B3-A4F3-9281EBB0E213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:-:*:*:containers:*:*:*",
"matchCriteriaId": "AD4D26F8-D9BD-45F9-95FA-5B02587672FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:if001:*:*:containers:*:*:*",
"matchCriteriaId": "EDE24FAD-9C9E-41EB-8895-7CDB7A31F260",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115."
}
],
"id": "CVE-2023-24957",
"lastModified": "2025-01-29T16:15:39.033",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-05-06T03:15:09.027",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246115"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6965776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6965776"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2022-43864
Vulnerability from fkie_nvd - Published: 2023-01-26 21:17 - Updated: 2024-11-21 07:27
Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | business_automation_workflow | * | |
| ibm | business_automation_workflow | 20.0.0.1 | |
| ibm | business_automation_workflow | 20.0.0.2 | |
| ibm | business_automation_workflow | 22.0.1 | |
| ibm | business_automation_workflow | 22.0.2 | |
| ibm | business_monitor | 8.5.5 | |
| ibm | business_monitor | 8.5.6 | |
| ibm | business_monitor | 8.5.7 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "47064639-B3A7-4F99-8823-40D2C9FE3C1A",
"versionEndIncluding": "21.0.3.1",
"versionStartIncluding": "21.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "D36329EB-4317-4AB1-85FA-4E23F185C179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C7FDEC2-CBE3-4C5B-917D-37F2612018FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C6D1E72-FC9F-4A0A-8E80-A3CA8CB0EDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "DFB13BEC-206E-41B3-A4F3-9281EBB0E213",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_monitor:8.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B27F3476-A531-4B6C-86E1-1D0CCDF793E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_monitor:8.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "61F27962-673C-4501-AA15-182164FBB4BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_monitor:8.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "51681BF1-DFD8-40A5-B5A9-6A467A038621",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nIBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.\n\n"
},
{
"lang": "es",
"value": "IBM Business Automation Workflow 22.0.2 podr\u00eda permitir que un atacante remoto atraviese directorios del sistema. Un atacante podr\u00eda enviar una solicitud URL especialmente manipulada que contenga secuencias de \"puntos\" (/../) para ver archivos arbitrarios en el sistema. ID de IBM X-Force: 239427."
}
],
"id": "CVE-2022-43864",
"lastModified": "2024-11-21T07:27:17.617",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-26T21:17:48.697",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239427"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6857223"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6857239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239427"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6857223"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6857239"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2022-42435
Vulnerability from fkie_nvd - Published: 2023-01-04 00:15 - Updated: 2024-11-21 07:24
Severity
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.
References
| Source | URL | Tags | |
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/238054 | VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6852217 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/238054 | VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6852217 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EBA0B449-9C87-40A1-A751-D7CB7500C95B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9518076E-2A41-409A-BB38-23E68392C57F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:18.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB74871E-27A9-40BB-8D55-45E00CF858DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5809E8E5-A954-4E65-A594-582A56680FA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:19.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B5B8D494-90DD-42AA-8D83-264C5B63CF44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:19.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7CD38048-750C-4141-8A52-DB4071D38270",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E33C724D-CA76-46DF-B397-7874AE12F14B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6A7059-10C5-48FC-9A3E-FCEA5CF3903F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "451CB880-C26B-4A39-AD06-73A6BD13973F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50E0F9C5-ACBB-42FE-BDC6-96BF3492C7DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if001:*:*:*:*:*:*",
"matchCriteriaId": "6503FA0A-D948-47A4-9DEE-D58910E52EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if002:*:*:*:*:*:*",
"matchCriteriaId": "69E56B42-5F7C-451D-92CE-3D2437BABF62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if003:*:*:*:*:*:*",
"matchCriteriaId": "A72358A4-1871-4EDF-851B-488D5E90BD4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if004:*:*:*:*:*:*",
"matchCriteriaId": "23047A79-1A03-4D55-8343-83F04379BF9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if005:*:*:*:*:*:*",
"matchCriteriaId": "D0CFF4A6-3622-47E7-8DAD-92FD6A0244CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if006:*:*:*:*:*:*",
"matchCriteriaId": "6DFBAF79-67A2-4BA2-A13D-28F7C69630A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.1:if007:*:*:*:*:*:*",
"matchCriteriaId": "89601534-F374-48A4-9848-959B48B3414A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "068CE38A-FBC4-43BF-BD1D-F65F9ADC5141",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if001:*:*:*:*:*:*",
"matchCriteriaId": "571A6ACF-E38E-4FDE-A32E-3DDA18D17316",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if002:*:*:*:*:*:*",
"matchCriteriaId": "66AA5938-DADC-47BE-BBE0-31B349631E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if003:*:*:*:*:*:*",
"matchCriteriaId": "B75749E3-C4A0-49FD-9725-4F5514535284",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if004:*:*:*:*:*:*",
"matchCriteriaId": "417A01BE-CC6D-4A54-A121-17EDB7BF1646",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if005:*:*:*:*:*:*",
"matchCriteriaId": "F6756C93-B5A1-4A47-94B5-E9623212BD8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if006:*:*:*:*:*:*",
"matchCriteriaId": "4784BE72-DA3D-4567-AA2A-49ABA7D2F066",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if007:*:*:*:*:*:*",
"matchCriteriaId": "B92DC009-0997-4325-8469-CAB2F963163C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if008:*:*:*:*:*:*",
"matchCriteriaId": "07B373A3-09FA-4650-A6D9-1412C5475622",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if009:*:*:*:*:*:*",
"matchCriteriaId": "5C0A9A11-0700-4254-B6AE-558A86E03F48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if010:*:*:*:*:*:*",
"matchCriteriaId": "96AACA6A-4CE6-41EA-9906-04E05BD75D3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if011:*:*:*:*:*:*",
"matchCriteriaId": "1B1AA6DF-E73A-4A75-863C-BD116AE917F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:if012:*:*:*:*:*:*",
"matchCriteriaId": "F3B4C2BF-9BD4-4E99-8E2F-6396D59E68EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EFE1F088-FAE8-48A9-AEBE-738CB97F984B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if001:*:*:*:*:*:*",
"matchCriteriaId": "DCF074C0-7CE9-42B4-82BA-662662F7E3CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:*:*:*:*",
"matchCriteriaId": "74DF0590-C1C3-4E46-B1D9-5AEA5767C0FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if003:*:*:*:*:*:*",
"matchCriteriaId": "4DAA3F18-B2E8-4D91-95B1-BB1C91720790",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if004:*:*:*:*:*:*",
"matchCriteriaId": "529728C6-944C-4DD1-979F-F6E9F02FB36E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:*:*:*:*",
"matchCriteriaId": "00076887-2AF4-4B5B-870A-442E8AF686F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:*:*:*:*",
"matchCriteriaId": "FCE5369D-16E2-440E-A97D-8DABCFE9C617",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:*:*:*:*",
"matchCriteriaId": "C41005B8-3D7B-4BF1-83AC-A6816281E0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:*:*:*:*",
"matchCriteriaId": "82AB2F91-CC3E-4D60-9BA1-0174E70E3DB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:*:*:*:*",
"matchCriteriaId": "B65FE877-1A93-4432-B335-A12FF7D6C3A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if010:*:*:*:*:*:*",
"matchCriteriaId": "3276D80B-ABB7-41F1-A128-E89CC649EA84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if011:*:*:*:*:*:*",
"matchCriteriaId": "3FD8A22F-A6C6-4674-B223-3A848C4FA2B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if012:*:*:*:*:*:*",
"matchCriteriaId": "66EC4C8C-BBBF-4878-AF07-3E9CA8A1FD20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if013:*:*:*:*:*:*",
"matchCriteriaId": "EBA97707-1843-45B3-911B-7C6EBAFFDC4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if014:*:*:*:*:*:*",
"matchCriteriaId": "7929C8E9-08F8-49C3-8E41-2B735052CB9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if015:*:*:*:*:*:*",
"matchCriteriaId": "3F9D2173-471A-460F-86B4-1F8C2A485B2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AC8187-347E-4A40-A0FA-B68AFFAA9F2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if001:*:*:*:*:*:*",
"matchCriteriaId": "65D1A1BA-657B-43CD-9718-1D7A8D5223C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if002:*:*:*:*:*:*",
"matchCriteriaId": "AE3823AF-8942-4B9C-8D19-E5DEAC7FBFCB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if003:*:*:*:*:*:*",
"matchCriteriaId": "7E8044CD-FB8B-48E8-9B4B-86BC9A25D3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if004:*:*:*:*:*:*",
"matchCriteriaId": "9427CF82-1EE3-4B54-9D20-B45D5452145D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if005:*:*:*:*:*:*",
"matchCriteriaId": "18B67072-F540-4131-A133-552AF68D0FD3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nIBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.\n\n"
},
{
"lang": "es",
"value": "IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3 y 22.0.1 es vulnerable a Cross Site Request Forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 238054."
}
],
"id": "CVE-2022-42435",
"lastModified": "2024-11-21T07:24:57.990",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-01-04T00:15:10.077",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238054"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6852217"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6852217"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "psirt@us.ibm.com",
"type": "Primary"
}
]
}
FKIE_CVE-2022-41735
Vulnerability from fkie_nvd - Published: 2022-12-07 17:15 - Updated: 2024-11-21 07:23
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
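IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality, potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. (Note: the references listed for this record point to X-Force entry 237809, and its CPE entries name business_automation_workflow rather than Business Process Manager; confirm the affected product and versions against the vendor advisory.)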
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/237809 | Broken Link, VDB Entry | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6845496 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/237809 | Broken Link, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6845496 | Patch, Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "DB90C98C-7A38-4B9B-878C-028DD872D19C",
"versionEndIncluding": "19.0.0.3",
"versionStartIncluding": "19.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "47064639-B3A7-4F99-8823-40D2C9FE3C1A",
"versionEndIncluding": "21.0.3.1",
"versionStartIncluding": "21.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "D36329EB-4317-4AB1-85FA-4E23F185C179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:-:*:*:containers:*:*:*",
"matchCriteriaId": "824ACC07-E351-437A-9FAB-7F2E47DE9205",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C7FDEC2-CBE3-4C5B-917D-37F2612018FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:-:*:*:containers:*:*:*",
"matchCriteriaId": "485FFABA-EF59-4C36-8B6E-E32A99C02381",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.2:-:*:*:containers:*:*:*",
"matchCriteriaId": "EB656C4F-19FC-4763-93C8-940A2B38B729",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:*:*:*:traditional:*:*:*",
"matchCriteriaId": "D1DC801A-0F25-48D2-8465-31B5A0939EE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if002:*:*:containers:*:*:*",
"matchCriteriaId": "00F5E82D-712A-4AB2-B0B2-BF03507D17D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if005:*:*:containers:*:*:*",
"matchCriteriaId": "0063E78F-2978-43F6-884D-B375E1111E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if006:*:*:containers:*:*:*",
"matchCriteriaId": "CF6317BE-98DF-4A46-9F5B-326177D6AD68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if007:*:*:containers:*:*:*",
"matchCriteriaId": "72A22C4B-AAF2-4A84-AF39-C1C396031D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if008:*:*:containers:*:*:*",
"matchCriteriaId": "39015A02-D36E-4CC9-A5E3-877DFD923ACD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if009:*:*:containers:*:*:*",
"matchCriteriaId": "19586E74-8802-4C09-A240-D698EE30C570",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if010:*:*:containers:*:*:*",
"matchCriteriaId": "4B06D109-E327-4A2A-9FC9-A5F454022C0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if011:*:*:containers:*:*:*",
"matchCriteriaId": "E67BEF93-133E-4507-B938-79D943AB82CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if012:*:*:containers:*:*:*",
"matchCriteriaId": "84689E35-3C11-44D2-B719-0F47CC7DE6B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if013:*:*:containers:*:*:*",
"matchCriteriaId": "05248E0A-BE7C-4AA1-80B8-5397382D742E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:21.0.3:if014:*:*:containers:*:*:*",
"matchCriteriaId": "0852419C-62F1-49BA-BD99-96700D33ED64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C6D1E72-FC9F-4A0A-8E80-A3CA8CB0EDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:-:*:*:containers:*:*:*",
"matchCriteriaId": "69B77521-AF61-4711-9219-12D6DADB6F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if001:*:*:containers:*:*:*",
"matchCriteriaId": "E2AEA4BA-C309-4069-9226-B86C1B68F93C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if002:*:*:containers:*:*:*",
"matchCriteriaId": "FAE034D0-E532-41DF-B0FE-ED7FB3F67095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if003:*:*:containers:*:*:*",
"matchCriteriaId": "7DEA8B98-302A-4A88-BF8C-70AFE7E096B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:if004:*:*:containers:*:*:*",
"matchCriteriaId": "2D07B68E-72AE-4616-ADFC-5ABF61EBBC79",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687."
},
{
"lang": "es",
"value": "IBM Business Process Manager 21.0.1 a 21.0.3.1, 20.0.0.1 a 20.0.0.2 19.0.0.1 a 19.0.0.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 65687."
}
],
"id": "CVE-2022-41735",
"lastModified": "2024-11-21T07:23:45.580",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-07T17:15:10.500",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237809"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6845496"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6845496"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2022-38390
Vulnerability from fkie_nvd - Published: 2022-11-17 17:15 - Updated: 2024-11-21 07:16
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978.
References
| URL | Tags | ||
|---|---|---|---|
| psirt@us.ibm.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/233978 | Broken Link, VDB Entry, Vendor Advisory | |
| psirt@us.ibm.com | https://www.ibm.com/support/pages/node/6839847 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/233978 | Broken Link, VDB Entry, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ibm.com/support/pages/node/6839847 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ibm | business_automation_workflow | * | |
| ibm | business_automation_workflow | * | |
| ibm | business_automation_workflow | * | |
| ibm | business_automation_workflow | 20.0.0.1 | |
| ibm | business_automation_workflow | 20.0.0.2 | |
| ibm | business_automation_workflow | 22.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "EBA0D501-8535-4CAF-BFAD-88AC5E1FBA03",
"versionEndIncluding": "18.0.0.2",
"versionStartIncluding": "18.0.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "DB90C98C-7A38-4B9B-878C-028DD872D19C",
"versionEndIncluding": "19.0.0.3",
"versionStartIncluding": "19.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:*:*:*:*:traditional:*:*:*",
"matchCriteriaId": "47064639-B3A7-4F99-8823-40D2C9FE3C1A",
"versionEndIncluding": "21.0.3.1",
"versionStartIncluding": "21.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "D36329EB-4317-4AB1-85FA-4E23F185C179",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:20.0.0.2:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C7FDEC2-CBE3-4C5B-917D-37F2612018FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ibm:business_automation_workflow:22.0.1:*:*:*:traditional:*:*:*",
"matchCriteriaId": "8C6D1E72-FC9F-4A0A-8E80-A3CA8CB0EDAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978."
},
{
"lang": "es",
"value": "Varias versiones de IBM Business Automation Workflow son vulnerables a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 233978."
}
],
"id": "CVE-2022-38390",
"lastModified": "2024-11-21T07:16:22.870",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-11-17T17:15:10.127",
"references": [
{
"source": "psirt@us.ibm.com",
"tags": [
"Broken Link",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233978"
},
{
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6839847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"VDB Entry",
"Vendor Advisory"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.ibm.com/support/pages/node/6839847"
}
],
"sourceIdentifier": "psirt@us.ibm.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "psirt@us.ibm.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-1495 (GCVE-0-2025-1495)
Vulnerability from cvelistv5 – Published: 2025-05-03 16:53 – Updated: 2025-08-28 14:28
Summary
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
Severity ?
4.3 (Medium)
CWE
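- CWE-306 - Missing Authentication for Critical Function (note: the summary describes missing authorization validation and the record's CVSS vector has PR:L, i.e. the attacker already holds a low-privileged account, so this reads as an access-control gap for authenticated users, closer to CWE-862 Missing Authorization, rather than an unauthenticated exposure)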
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | IBM Business Automation Workflow |
Affected:
24.0.1 , ≤ 24.0.1 IF001
(semver)
Affected: 24.0.0 cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:* cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T14:40:24.977485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T14:57:22.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "IBM Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "24.0.1 IF001",
"status": "affected",
"version": "24.0.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "24.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
}
],
"value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:28:22.723Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232434"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow containers V24.0.1 - V24.0.1-IF001 Apply 24.0.1-IF002\u003cbr\u003eIBM Business Automation Workflow traditional V24.0.1 Apply DT424716"
}
],
"value": "IBM Business Automation Workflow containers V24.0.1 - V24.0.1-IF001 Apply 24.0.1-IF002\nIBM Business Automation Workflow traditional V24.0.1 Apply DT424716"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow missing authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1495",
"datePublished": "2025-05-03T16:53:00.666Z",
"dateReserved": "2025-02-20T02:17:50.673Z",
"dateUpdated": "2025-08-28T14:28:22.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54179 (GCVE-0-2024-54179)
Vulnerability from cvelistv5 – Published: 2025-03-03 13:56 – Updated: 2025-09-01 01:10
Summary
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IBM | Business Automation Workflow |
Affected:
24.0.0
Affected: 24.0.1 |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T14:21:46.003265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T14:21:56.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "24.0.0"
},
{
"status": "affected",
"version": "24.0.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:enterprise_service_bus:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:enterprise_service_bus:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Business Automation Workflow Enterprise Service Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "24.0.0, 24.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:10:19.247Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7184647"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-54179",
"datePublished": "2025-03-03T13:56:50.099Z",
"dateReserved": "2024-11-30T14:47:55.533Z",
"dateUpdated": "2025-09-01T01:10:19.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43188 (GCVE-0-2024-43188)
Vulnerability from cvelistv5 – Published: 2024-09-18 11:39 – Updated: 2024-09-18 16:40
Summary
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.
Severity ?
4.9 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Business Automation Workflow |
Affected:
22.0.2, 23.0.1, 23.0.2, 24.0.0
cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:* cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:* cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:-:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:-:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:23:48.735450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:23:58.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:-:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "22.0.2, 23.0.1, 23.0.2, 24.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Business Automation Workflow \n\n\u003cspan style=\"background-color: rgb(244, 244, 244);\"\u003e22.0.2, 23.0.1, 23.0.2, and 24.0.0\u003c/span\u003e\n\ncould allow a privileged user to perform unauthorized activities due to improper client side validation.\u003c/span\u003e"
}
],
"value": "IBM Business Automation Workflow \n\n22.0.2, 23.0.1, 23.0.2, and 24.0.0\n\ncould allow a privileged user to perform unauthorized activities due to improper client side validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:40:53.717Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7168769"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow improper input validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-43188",
"datePublished": "2024-09-18T11:39:22.958Z",
"dateReserved": "2024-08-07T13:29:34.029Z",
"dateUpdated": "2024-09-18T16:40:53.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38321 (GCVE-0-2024-38321)
Vulnerability from cvelistv5 – Published: 2024-08-03 13:34 – Updated: 2024-08-03 18:49
Summary
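IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. (Note: the vdb-entry reference in this record points to X-Force entry 294868, which does not match the ID given here; rely on the vendor advisory when cross-referencing.)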
Severity ?
5.3 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| IBM | Business Automation Workflow |
Affected:
22.0.2, 23.0.1, 23.0.2, 24.0.0
cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:* cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:* cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:-:*:*:* cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:-:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-03T18:49:18.410755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-03T18:49:24.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:-:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "22.0.2, 23.0.1, 23.0.2, 24.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868."
}
],
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-03T13:34:16.845Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7162334"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294868"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-38321",
"datePublished": "2024-08-03T13:34:16.845Z",
"dateReserved": "2024-06-13T21:43:46.667Z",
"dateUpdated": "2024-08-03T18:49:24.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50947 (GCVE-0-2023-50947)
Vulnerability from cvelistv5 – Published: 2024-02-04 00:11 – Updated: 2024-08-22 17:41
Summary
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
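| Vendor | Product | Version |
|---|---|---|
| IBM | Business Automation Workflow | Affected: 22.0.2, 23.0.1, 23.0.2 |

Note: the CNA record below stores these three releases as one comma-separated string in a single `version` field, so tooling that matches exact version values will not match an individual release; check deployed versions against the list by hand.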
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:44.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7114419"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7114430"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275665"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T17:40:47.403078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T17:41:47.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "22.0.2, 23.0.1, 23.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665."
}
],
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T00:11:02.465Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114419"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114430"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275665"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-50947",
"datePublished": "2024-02-04T00:11:02.465Z",
"dateReserved": "2023-12-16T19:35:35.358Z",
"dateUpdated": "2024-08-22T17:41:47.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24957 (GCVE-0-2023-24957)
Vulnerability from cvelistv5 – Published: 2023-05-06 02:05 – Updated: 2025-01-29 16:06
Summary
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Automation Workflow | Affected: 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, 22.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6965776"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246115"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:04:42.276083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:06:32.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, 22.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115."
}
],
"value": "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-06T02:05:46.959Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6965776"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246115"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-24957",
"datePublished": "2023-05-06T02:05:46.959Z",
"dateReserved": "2023-02-01T02:39:37.386Z",
"dateUpdated": "2025-01-29T16:06:32.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43864 (GCVE-0-2022-43864)
Vulnerability from cvelistv5 – Published: 2023-01-25 18:07 – Updated: 2025-03-31 14:34
Summary
IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
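| Vendor | Product | Version |
|---|---|---|
| IBM | Business Monitor | Affected: 8.5.5, 8.5.6, 8.5.7 |

Note: the summary and the record title name IBM Business Automation Workflow 22.0.2, while the CNA's affected entry lists IBM Business Monitor 8.5.5, 8.5.6, 8.5.7; confirm the affected product against the two vendor advisories referenced in the record.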
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6857239"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6857223"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239427"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T14:32:57.643948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T14:34:16.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Monitor",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.5, 8.5.6, 8.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T18:07:21.454Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6857239"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6857223"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239427"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-43864",
"datePublished": "2023-01-25T18:07:21.454Z",
"dateReserved": "2022-10-26T15:46:22.824Z",
"dateUpdated": "2025-03-31T14:34:16.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42435 (GCVE-0-2022-42435)
Vulnerability from cvelistv5 – Published: 2023-01-03 23:16 – Updated: 2025-04-10 14:36
Summary
IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Automation Workflow | Affected: 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:10:41.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6852217"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238054"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T14:36:08.900745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T14:36:21.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T23:16:13.875Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6852217"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238054"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow cross-site request forgery",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-42435",
"datePublished": "2023-01-03T23:16:13.875Z",
"dateReserved": "2022-10-06T15:51:26.497Z",
"dateUpdated": "2025-04-10T14:36:21.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41735 (GCVE-0-2022-41735)
Vulnerability from cvelistv5 – Published: 2022-12-07 16:40 – Updated: 2025-04-22 19:54
Summary
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
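| Vendor | Product | Version |
|---|---|---|
| IBM | Business Process Manager | Affected: 21.0.1 , < 21.0.3.1 (semver); Affected: 20.0.0.1 , < 20.0.0.2 (semver); Affected: 19.0.0.1 , < 19.0.0.3 (semver) |

Note: the summary cites IBM X-Force ID 65687, but the record's vdb-entry reference points to X-Force entry 237809; the version entries also give an exclusive upper bound (for example < 21.0.3.1) where the summary says "through". Check the vendor advisory before relying on either.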
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:44.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6845496"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237809"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T19:54:32.140269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T19:54:47.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Process Manager",
"vendor": "IBM",
"versions": [
{
"lessThan": "21.0.3.1",
"status": "affected",
"version": "21.0.1",
"versionType": "semver"
},
{
"lessThan": "20.0.0.2",
"status": "affected",
"version": "20.0.0.1",
"versionType": "semver"
},
{
"lessThan": "19.0.0.3",
"status": "affected",
"version": "19.0.0.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687."
}
],
"value": "IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T16:40:29.374Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6845496"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237809"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Process Manager cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-41735",
"datePublished": "2022-12-07T16:40:29.374Z",
"dateReserved": "2022-09-28T17:18:53.376Z",
"dateUpdated": "2025-04-22T19:54:47.022Z",
"requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38390 (GCVE-0-2022-38390)
Vulnerability from cvelistv5 – Published: 2022-11-17 16:48 – Updated: 2025-04-29 13:46
Summary
Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Automation Workflow | Affected: 22.0.1; Affected: 21.0.1 , < 21.0.3.1 (custom); Affected: 20.0.0.1 , < 20.0.0.2 (custom); Affected: 19.0.0.1 , < 19.0.0.3 (custom); Affected: 18.0.0.0 , < 18.0.0.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6839847"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233978"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T13:46:19.799908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T13:46:49.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "22.0.1"
},
{
"lessThan": "21.0.3.1",
"status": "affected",
"version": "21.0.1",
"versionType": "custom"
},
{
"lessThan": "20.0.0.2",
"status": "affected",
"version": "20.0.0.1",
"versionType": "custom"
},
{
"lessThan": "19.0.0.3",
"status": "affected",
"version": "19.0.0.1",
"versionType": "custom"
},
{
"lessThan": "18.0.0.2",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978."
}
],
"value": "Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-17T16:48:11.088Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6839847"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233978"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-38390",
"datePublished": "2022-11-17T16:48:11.088Z",
"dateReserved": "2022-08-16T18:42:49.433Z",
"dateUpdated": "2025-04-29T13:46:49.770Z",
"requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1495 (GCVE-0-2025-1495)
Vulnerability from nvd – Published: 2025-05-03 16:53 – Updated: 2025-08-28 14:28
Summary
IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.
Severity ?
4.3 (Medium)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
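| Vendor | Product | Version |
|---|---|---|
| IBM | IBM Business Automation Workflow | Affected: 24.0.1 , ≤ 24.0.1 IF001 (semver); Affected: 24.0.0; `cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*`; `cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:*`; `cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*`; `cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:*` |

Note: `24.0.1 IF001` is not a valid semantic version even though the entry is typed `semver`, and the attached CPEs name `cloud_pak_for_business_automation` (including 23.0.1:if001, a release the summary does not mention), so automated version matching may miss or over-match. The record also assigns CWE-306 (missing authentication) while the summary describes missing authorization validation.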
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1495",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T14:40:24.977485Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T14:57:22.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.0:if004:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:24.0.1:*:*:*:*:*:*:*",
"cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:if001:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "IBM Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"lessThanOrEqual": "24.0.1 IF001",
"status": "affected",
"version": "24.0.1",
"versionType": "semver"
},
{
"status": "affected",
"version": "24.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
}
],
"value": "IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-28T14:28:22.723Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7232434"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow containers V24.0.1 - V24.0.1-IF001 Apply 24.0.1-IF002\u003cbr\u003eIBM Business Automation Workflow traditional V24.0.1 Apply DT424716"
}
],
"value": "IBM Business Automation Workflow containers V24.0.1 - V24.0.1-IF001 Apply 24.0.1-IF002\nIBM Business Automation Workflow traditional V24.0.1 Apply DT424716"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow missing authentication",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2025-1495",
"datePublished": "2025-05-03T16:53:00.666Z",
"dateReserved": "2025-02-20T02:17:50.673Z",
"dateUpdated": "2025-08-28T14:28:22.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-54179 (GCVE-0-2024-54179)
Vulnerability from nvd – Published: 2025-03-03 13:56 – Updated: 2025-09-01 01:10
Summary
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Automation Workflow | Affected: 24.0.0<br>Affected: 24.0.1 |
| IBM | Business Automation Workflow Enterprise Service Bus | Affected: 24.0.0, 24.0.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-54179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T14:21:46.003265Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T14:21:56.109Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "24.0.0"
},
{
"status": "affected",
"version": "24.0.1"
}
]
},
{
"cpes": [
"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:traditional:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:traditional:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:enterprise_service_bus:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:24.0.1:*:*:*:enterprise_service_bus:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Business Automation Workflow Enterprise Service Bus",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "24.0.0, 24.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"value": "IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T01:10:19.247Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory",
"patch"
],
"url": "https://www.ibm.com/support/pages/node/7184647"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-54179",
"datePublished": "2025-03-03T13:56:50.099Z",
"dateReserved": "2024-11-30T14:47:55.533Z",
"dateUpdated": "2025-09-01T01:10:19.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-43188 (GCVE-0-2024-43188)
Vulnerability from nvd – Published: 2024-09-18 11:39 – Updated: 2024-09-18 16:40
VLAI?
Summary
IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation.
Severity ?
4.9 (Medium)
CWE
- CWE-602 - Client-Side Enforcement of Server-Side Security
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Automation Workflow | Affected: 22.0.2, 23.0.1, 23.0.2, 24.0.0<br>`cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:*` `cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:*` `cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:-:*:*:*` `cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:-:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-43188",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T13:23:48.735450Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T13:23:58.053Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:-:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "22.0.2, 23.0.1, 23.0.2, 24.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIBM Business Automation Workflow \n\n\u003cspan style=\"background-color: rgb(244, 244, 244);\"\u003e22.0.2, 23.0.1, 23.0.2, and 24.0.0\u003c/span\u003e\n\ncould allow a privileged user to perform unauthorized activities due to improper client side validation.\u003c/span\u003e"
}
],
"value": "IBM Business Automation Workflow \n\n22.0.2, 23.0.1, 23.0.2, and 24.0.0\n\ncould allow a privileged user to perform unauthorized activities due to improper client side validation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-602",
"description": "CWE-602 Client-Side Enforcement of Server-Side Security",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:40:53.717Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7168769"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow improper input validation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-43188",
"datePublished": "2024-09-18T11:39:22.958Z",
"dateReserved": "2024-08-07T13:29:34.029Z",
"dateUpdated": "2024-09-18T16:40:53.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38321 (GCVE-0-2024-38321)
Vulnerability from nvd – Published: 2024-08-03 13:34 – Updated: 2024-08-03 18:49
VLAI?
Summary
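IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. [Note: the vdb-entry reference in this record points to X-Force entry 294868, which does not match the ID quoted here; verify against the vendor advisory before cross-referencing.]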
Severity ?
5.3 (Medium)
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Automation Workflow | Affected: 22.0.2, 23.0.1, 23.0.2, 24.0.0<br>`cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:*` `cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:*` `cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:-:*:*:*` `cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:-:*:*:*` |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38321",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-03T18:49:18.410755Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-03T18:49:24.893Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:ibm:business_automation_workflow:22.0.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:23.0.1:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:23.0.2:*:*:*:-:*:*:*",
"cpe:2.3:a:ibm:business_automation_workflow:24.0.0:*:*:*:-:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "22.0.2, 23.0.1, 23.0.2, 24.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868."
}
],
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-03T13:34:16.845Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7162334"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294868"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow information disclosure",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2024-38321",
"datePublished": "2024-08-03T13:34:16.845Z",
"dateReserved": "2024-06-13T21:43:46.667Z",
"dateUpdated": "2024-08-03T18:49:24.893Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-50947 (GCVE-0-2023-50947)
Vulnerability from nvd – Published: 2024-02-04 00:11 – Updated: 2024-08-22 17:41
VLAI?
Summary
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Automation Workflow | Affected: 22.0.2, 23.0.1, 23.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:23:44.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7114419"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/7114430"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275665"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-50947",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-22T17:40:47.403078Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-22T17:41:47.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "22.0.2, 23.0.1, 23.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665."
}
],
"value": "IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-04T00:11:02.465Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114419"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/7114430"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275665"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-50947",
"datePublished": "2024-02-04T00:11:02.465Z",
"dateReserved": "2023-12-16T19:35:35.358Z",
"dateUpdated": "2024-08-22T17:41:47.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-24957 (GCVE-0-2023-24957)
Vulnerability from nvd – Published: 2023-05-06 02:05 – Updated: 2025-01-29 16:06
VLAI?
Summary
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Automation Workflow | Affected: 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, 22.0.2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:11:43.746Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6965776"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246115"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-24957",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-29T16:04:42.276083Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:06:32.818Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, 22.0.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115."
}
],
"value": "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-06T02:05:46.959Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6965776"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/246115"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2023-24957",
"datePublished": "2023-05-06T02:05:46.959Z",
"dateReserved": "2023-02-01T02:39:37.386Z",
"dateUpdated": "2025-01-29T16:06:32.818Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43864 (GCVE-0-2022-43864)
Vulnerability from nvd – Published: 2023-01-25 18:07 – Updated: 2025-03-31 14:34
VLAI?
Summary
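IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427. [Note: this description names Business Automation Workflow 22.0.2, but the record's affected list names IBM Business Monitor 8.5.5, 8.5.6, 8.5.7; check the referenced vendor advisories when matching this CVE to installed products.]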
Severity ?
7.5 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Monitor | Affected: 8.5.5, 8.5.6, 8.5.7 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.714Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6857239"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6857223"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239427"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43864",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-31T14:32:57.643948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-31T14:34:16.725Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Monitor",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "8.5.5, 8.5.6, 8.5.7"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-25T18:07:21.454Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6857239"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6857223"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/239427"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow information disclosure",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-43864",
"datePublished": "2023-01-25T18:07:21.454Z",
"dateReserved": "2022-10-26T15:46:22.824Z",
"dateUpdated": "2025-03-31T14:34:16.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42435 (GCVE-0-2022-42435)
Vulnerability from nvd – Published: 2023-01-03 23:16 – Updated: 2025-04-10 14:36
VLAI?
Summary
IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.
Severity ?
4.3 (Medium)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Automation Workflow | Affected: 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:10:41.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6852217"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238054"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-42435",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T14:36:08.900745Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T14:36:21.653Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\n\u003cspan style=\"background-color: rgb(204, 217, 226);\"\u003eIBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.\u003c/span\u003e\n\n"
}
],
"value": "\nIBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352 Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-03T23:16:13.875Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6852217"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/238054"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Automation Workflow cross-site request forgery",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-42435",
"datePublished": "2023-01-03T23:16:13.875Z",
"dateReserved": "2022-10-06T15:51:26.497Z",
"dateUpdated": "2025-04-10T14:36:21.653Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-41735 (GCVE-0-2022-41735)
Vulnerability from nvd – Published: 2022-12-07 16:40 – Updated: 2025-04-22 19:54
VLAI?
Summary
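IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. [Note: the record's version ranges use exclusive upper bounds (< 21.0.3.1, < 20.0.0.2, < 19.0.0.3) where this description says "through", and its vdb-entry reference points to X-Force entry 237809 rather than 65687; confirm the affected versions against the vendor advisory.]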
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Process Manager | Affected: 21.0.1, < 21.0.3.1 (semver)<br>Affected: 20.0.0.1, < 20.0.0.2 (semver)<br>Affected: 19.0.0.1, < 19.0.0.3 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T12:49:44.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6845496"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237809"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-41735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-22T19:54:32.140269Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-22T19:54:47.022Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Process Manager",
"vendor": "IBM",
"versions": [
{
"lessThan": "21.0.3.1",
"status": "affected",
"version": "21.0.1",
"versionType": "semver"
},
{
"lessThan": "20.0.0.2",
"status": "affected",
"version": "20.0.0.1",
"versionType": "semver"
},
{
"lessThan": "19.0.0.3",
"status": "affected",
"version": "19.0.0.1",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687."
}
],
"value": "IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-07T16:40:29.374Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6845496"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/237809"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "IBM Business Process Manager cross-site scripting",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-41735",
"datePublished": "2022-12-07T16:40:29.374Z",
"dateReserved": "2022-09-28T17:18:53.376Z",
"dateUpdated": "2025-04-22T19:54:47.022Z",
"requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38390 (GCVE-0-2022-38390)
Vulnerability from nvd – Published: 2022-11-17 16:48 – Updated: 2025-04-29 13:46
Summary
Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978.
Severity ?
5.4 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags |
|---|---|
| https://www.ibm.com/support/pages/node/6839847 | vendor-advisory |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/233978 | vdb-entry |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| IBM | Business Automation Workflow | Affected: 22.0.1; Affected: 21.0.1 , < 21.0.3.1 (custom); Affected: 20.0.0.1 , < 20.0.0.2 (custom); Affected: 19.0.0.1 , < 19.0.0.3 (custom); Affected: 18.0.0.0 , < 18.0.0.2 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.745Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.ibm.com/support/pages/node/6839847"
},
{
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233978"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38390",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-29T13:46:19.799908Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-29T13:46:49.770Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Business Automation Workflow",
"vendor": "IBM",
"versions": [
{
"status": "affected",
"version": "22.0.1"
},
{
"lessThan": "21.0.3.1",
"status": "affected",
"version": "21.0.1",
"versionType": "custom"
},
{
"lessThan": "20.0.0.2",
"status": "affected",
"version": "20.0.0.1",
"versionType": "custom"
},
{
"lessThan": "19.0.0.3",
"status": "affected",
"version": "19.0.0.1",
"versionType": "custom"
},
{
"lessThan": "18.0.0.2",
"status": "affected",
"version": "18.0.0.0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978."
}
],
"value": "Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-17T16:48:11.088Z",
"orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"shortName": "ibm"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.ibm.com/support/pages/node/6839847"
},
{
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/233978"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
"assignerShortName": "ibm",
"cveId": "CVE-2022-38390",
"datePublished": "2022-11-17T16:48:11.088Z",
"dateReserved": "2022-08-16T18:42:49.433Z",
"dateUpdated": "2025-04-29T13:46:49.770Z",
"requesterUserId": "69938c14-a5a2-41ac-a450-71ed41911136",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}