CVSS: 5.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-38390
https://notcve.org/view.php?id=CVE-2022-38390
Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. Varias versiones de IBM Business Automation Workflow son vulnerables a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario web, alterando así la funcionalidad prevista, lo que podría conducir a la divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/233978 https://www.ibm.com/support/pages/node/6839847 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2022-35279
https://notcve.org/view.php?id=CVE-2022-35279
"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537." "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3 y 22.0.1 podrían revelar información confidencial de la versión a usuarios autenticados que podría usarse en futuros ataques contra el sistema. IBM X-Force ID: 230537." • https://www.ibm.com/support/pages/node/6829847 • CWE-312: Cleartext Storage of Sensitive Information •