Stored Cross-Site Scripting in IBM Cloud Pak for Business Automation
CVE-2024-52365

6.4MEDIUM

Key Information:

Vendor
IBM
Vendor
CVE Published:
5 February 2025

Summary

The IBM Cloud Pak for Business Automation contains a vulnerability that allows authenticated users to execute arbitrary JavaScript code through stored cross-site scripting. This weakness can be exploited via the web interface, enabling attackers to manipulate the application's functionality and potentially expose sensitive information, including user credentials during trusted sessions.

Affected Version(s)

Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.