Stored Cross-Site Scripting in IBM Cloud Pak for Business Automation
CVE-2024-52365
6.4MEDIUM
Key Information:
- Vendor
- IBM
- Vendor
- CVE Published:
- 5 February 2025
Summary
The IBM Cloud Pak for Business Automation contains a vulnerability that allows authenticated users to execute arbitrary JavaScript code through stored cross-site scripting. This weakness can be exploited via the web interface, enabling attackers to manipulate the application's functionality and potentially expose sensitive information, including user credentials during trusted sessions.
Affected Version(s)
Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved