CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2021-38883
https://notcve.org/view.php?id=CVE-2021-38883
IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165. IBM Business Automation Workflow versiones 18.0, 19.0, 20,0 y 21.0 e IBM Business Process Manager versiones 8.5 y 8.6, son vulnerables a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/209165 https://www.ibm.com/support/pages/node/6527270 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2021-29753
https://notcve.org/view.php?id=CVE-2021-29753
IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM Business Automation Workflow versiones 18. 19, 20, 21, e IBM Business Process Manager 8.5 y d8.6, transmite o almacena credenciales de autenticación, pero usa un método no seguro que es susceptible de ser interceptado y/o recuperado sin autorización • https://exchange.xforce.ibmcloud.com/vulnerabilities/201919 https://www.ibm.com/support/pages/node/6513703 • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-29835
https://notcve.org/view.php?id=CVE-2021-29835
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833. IBM Business Automation Workflow versiones 18.0, 19.0, 20.0 y 21.0, es vulnerable a una ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/204833 https://www.ibm.com/support/pages/node/6507319 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2021-29878
https://notcve.org/view.php?id=CVE-2021-29878
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581. IBM Business Automation Workflow versiones 18.0, 19.0, 20.0 y 21.0, es vulnerable a un ataque de tipo cross-site scripting. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario Web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/206581 https://www.ibm.com/support/pages/node/6501949 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 11EXPL: 0CVE-2021-29834
https://notcve.org/view.php?id=CVE-2021-29834
IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832. IBM Business Automation Workflow versiones 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3,20.0.0.1, 20.0.0.2 y 21.0.2 e IBM Business Process Manager 8.5 y 8.6 son vulnerables a un ataque de tipo cross-site scripting almacenado. Esta vulnerabilidad permite a usuarios insertar código JavaScript arbitrario en la Interfaz de Usuario web, alterando así la funcionalidad prevista y conllevando potencialmente a una divulgación de credenciales dentro de una sesión confiable. • https://exchange.xforce.ibmcloud.com/vulnerabilities/204832 https://www.ibm.com/support/pages/node/6493271 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •