Cross-Site Scripting Vulnerability in IBM Business Automation Workflow
CVE-2021-29835

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Business Automation Workflow
Vendor: CVE Published:; 22 October 2021

Summary

IBM Business Automation Workflow versions 18.0, 19.0, 20.0, and 21.0 are susceptible to a cross-site scripting vulnerability that enables attackers to embed arbitrary JavaScript code within the Web UI. This could compromise the integrity of the application, allowing malicious scripts to execute within trusted user sessions, potentially leading to the unauthorized disclosure of sensitive information such as user credentials.

Affected Version(s)

Business Automation Workflow 18.0

Business Automation Workflow 19.0

Business Automation Workflow 20.0

References

https://www.ibm.com/support/pages/node/6507319

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/204833

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 22, 2021
Vulnerability Reserved
Mar 31, 2021