CVSS: 6.4EPSS: 0%CPEs: 11EXPL: 0CVE-2021-29834
https://notcve.org/view.php?id=CVE-2021-29834
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832. IBM Business Automation Workflow versiones 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2 y 21.0.2 e IBM Business Process Manager 8.5 y 8.6 son vulnerables a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/204832 https://www.ibm.com/support/pages/node/6493271 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-29751
https://notcve.org/view.php?id=CVE-2021-29751
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779. IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0 e IBM Business Process Manager versiones 8.5 y 8.6, podrían permitir a un usuario autenticado obtener información confidencial sobre otro usuario bajo configuraciones no predeterminadas. IBM X-Force ID: 201779 • https://exchange.xforce.ibmcloud.com/vulnerabilities/201779 https://www.ibm.com/support/pages/node/6465127 https://www.ibm.com/support/pages/node/6467055 •
CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2020-4531
https://notcve.org/view.php?id=CVE-2020-4531
IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715. IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0 e IBM Business Process Manager versiones 8.0, 8.5 y 8.6, podrían permitir a un atacante remoto obtener información confidencial cuando es devuelto un mensaje de error técnico detallado en el navegador. Esta información podría ser usada en nuevos ataques contra el sistema. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182715 https://www.ibm.com/support/pages/node/6336935 • CWE-252: Unchecked Return Value •
CVSS: 5.4EPSS: 0%CPEs: 4EXPL: 0CVE-2020-4530
https://notcve.org/view.php?id=CVE-2020-4530
IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-ForceID: 182714. IBM Business Automation Workflow CD0 e IBM Business Process Manager versiones 8.0, 8.5 y 8.6, son vulnerables a ataques de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/182714 https://www.ibm.com/support/pages/node/6332417 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 36EXPL: 0CVE-2020-4698
https://notcve.org/view.php?id=CVE-2020-4698
IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186841. IBM Business Process Manager versiones 8.5, 8.6 e IBM Business Automation Workflow versiones 18.0, 19.0 y 20.0, son vulnerables a ataques de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/186841 https://www.ibm.com/support/pages/node/6326825 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •