Cross-Site Scripting Vulnerability in IBM Business Automation Workflow and Cloud Pak for Automation
CVE-2021-29775

6.4MEDIUM

Key Information:

Vendor
IBM
Status
Business Automation Workflow
Cloud Pak For Automation
Vendor
CVE Published:
28 June 2021

Summary

IBM Business Automation Workflow and IBM Cloud Pak for Automation are susceptible to a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the Web UI. This can lead to unauthorized manipulation of the user interface and potentially expose sensitive information such as user credentials within a trusted session. Users should be aware of this risk and implement necessary patches to secure their deployments.

Affected Version(s)

Business Automation Workflow 18.0.0.0

Business Automation Workflow 18.0.0.1

Business Automation Workflow 18.0.0.2

References

https://www.ibm.com/support/pages/node/6465127
x_refsource_CONFIRM
https://www.ibm.com/support/pages/node/6467057
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/203029
vdb-entryx_refsource_XF

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.