CVSS: 6.8EPSS: 0%CPEs: 27EXPL: 0CVE-2021-29859
https://notcve.org/view.php?id=CVE-2021-29859
02 May 2022 — IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081. IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation versiones V21.0.3 hasta V21.0.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/206081 •
CVSS: 5.4EPSS: 0%CPEs: 16EXPL: 0CVE-2021-29872
https://notcve.org/view.php?id=CVE-2021-29872
18 Jan 2022 — IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228. IBM Cloud Pak for Au... • https://exchange.xforce.ibmcloud.com/vulnerabilities/206228 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29775
https://notcve.org/view.php?id=CVE-2021-29775
28 Jun 2021 — IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029. IBM Business Automation Workflow versiones 19.0.03 y 20.0 e IBM Cloud Pak for Automation versiones 20.0.3-IF002 y 21.0.1, son vulnerables a ataques... • https://exchange.xforce.ibmcloud.com/vulnerabilities/203029 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •