CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28764 – IBM WebSphere Automation CSV injection
https://notcve.org/view.php?id=CVE-2024-28764
IBM WebSphere Automation 1.7.0 could allow an attacker with privileged access to the network to conduct a CSV injection. An attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 285623. IBM WebSphere Automation 1.7.0 podría permitir que un atacante con acceso privilegiado a la red realice una inyección CSV. Un atacante podría ejecutar comandos arbitrarios en el sistema, causados por una validación inadecuada del contenido del archivo csv. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285623 https://www.ibm.com/support/pages/node/7149857 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-28775 – IBM WebSphere Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2024-28775
IBM WebSphere Automation 1.7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285648. IBM WebSphere Automation 1.7.0 es vulnerable a Cross Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/285648 https://www.ibm.com/support/pages/node/7149856 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •