Cross-Site Scripting Vulnerability in IBM Business Automation Workflow
CVE-2021-29878

5.4MEDIUM

Key Information:

Vendor: IBM
Status: Business Automation Workflow
Vendor: CVE Published:; 18 October 2021

What is CVE-2021-29878?

IBM Business Automation Workflow versions 18.0, 19.0, 20.0, and 21.0 are susceptible to cross-site scripting, allowing attackers to inject arbitrary JavaScript code into the web interface. This can compromise the intended functionality of the application and potentially lead to unauthorized access to user credentials within a trusted session. It is crucial for organizations to implement security measures to mitigate this vulnerability and ensure user safety.

Affected Version(s)

Business Automation Workflow 18.0.0.0

Business Automation Workflow 18.0.0.1

Business Automation Workflow 18.0.0.2

References

https://www.ibm.com/support/pages/node/6501949

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/206581

vdb-entryx_refsource_XF

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2021
Vulnerability Reserved
Mar 31, 2021