CVE-2021-29775
https://notcve.org/view.php?id=CVE-2021-29775
IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/203029
• https://www.ibm.com/support/pages/node/6465127
• https://www.ibm.com/support/pages/node/6467057
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-20482
https://notcve.org/view.php?id=CVE-2021-20482
IBM Cloud Pak for Automation 20.0.2 and 20.0.3 IF002 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 197504.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/197504
• https://www.ibm.com/support/pages/node/6437577
• CWE-611: Improper Restriction of XML External Entity Reference
CVE-2021-20359
https://notcve.org/view.php?id=CVE-2021-20359
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized user. IBM X-Force ID: 194966.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/194966
• https://www.ibm.com/support/pages/node/6412345
• CWE-532: Insertion of Sensitive Information into Log File
CVE-2021-20358
https://notcve.org/view.php?id=CVE-2021-20358
IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permissions to read log files. IBM X-Force ID: 194965.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/194965
• https://www.ibm.com/support/pages/node/6412345
• CWE-312: Cleartext Storage of Sensitive Information
CVE-2020-4325
https://notcve.org/view.php?id=CVE-2020-4325
The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shut down the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/177596
• https://www.ibm.com/support/pages/node/6125403
• CWE-404: Improper Resource Shutdown or Release