Cross-Site Scripting Vulnerability in IBM Business Automation Workflow and Cloud Pak for Automation
CVE-2021-29775
6.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 28 June 2021
Summary
IBM Business Automation Workflow and IBM Cloud Pak for Automation are susceptible to a cross-site scripting vulnerability that allows attackers to inject arbitrary JavaScript code into the Web UI. This can lead to unauthorized manipulation of the user interface and potentially expose sensitive information such as user credentials within a trusted session. Users should be aware of this risk and implement necessary patches to secure their deployments.
Affected Version(s)
Business Automation Workflow 18.0.0.0
Business Automation Workflow 18.0.0.1
Business Automation Workflow 18.0.0.2
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved