CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54179 – IBM Business Automation Workflow cross-site scripting
https://notcve.org/view.php?id=CVE-2024-54179
03 Mar 2025 — IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. • https://www.ibm.com/support/pages/node/7184647 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43188 – IBM Business Automation Workflow improper input validation
https://notcve.org/view.php?id=CVE-2024-43188
18 Sep 2024 — IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. • https://www.ibm.com/support/pages/node/7168769 • CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38321 – IBM Business Automation Workflow information disclosure
https://notcve.org/view.php?id=CVE-2024-38321
03 Aug 2024 — IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868. • https://exchange.xforce.ibmcloud.com/vulnerabilities/294868 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.5EPSS: 0%CPEs: 68EXPL: 0CVE-2023-50947 – IBM Business Automation Workflow cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50947
04 Feb 2024 — IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665. IBM Business Automation Workflow 22.0.2, 23.0.1 y 23.0.2 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/275665 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2023-24957 – IBM Business Automation Workflow cross-site scripting
https://notcve.org/view.php?id=CVE-2023-24957
06 May 2023 — IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-43864 – IBM Business Automation Workflow information disclosure
https://notcve.org/view.php?id=CVE-2022-43864
25 Jan 2023 — IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427. IBM Business Automation Workflow 22.0.2 podría permitir que un atacante remoto atraviese directorios del sistema. Un atacante podría enviar una solicitud URL especialmente manipulada que contenga secuencias de "puntos" (/../) para ver archivos arb... • https://exchange.xforce.ibmcloud.com/vulnerabilities/239427 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 52EXPL: 0CVE-2022-42435 – IBM Business Automation Workflow cross-site request forgery
https://notcve.org/view.php?id=CVE-2022-42435
03 Jan 2023 — IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054. IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0. 3 y 22.0.1 es vulnerable a Cross Site Request Forger... • https://exchange.xforce.ibmcloud.com/vulnerabilities/238054 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 25EXPL: 0CVE-2022-41735 – IBM Business Process Manager cross-site scripting
https://notcve.org/view.php?id=CVE-2022-41735
07 Dec 2022 — IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. IBM Business Process Manager 21.0.1 a 21.0.3.1, 20.0.0.1 a 20.0.0.2 19.0.0.1 a 19.0.0.3 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad perm... • https://exchange.xforce.ibmcloud.com/vulnerabilities/237809 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-38390
https://notcve.org/view.php?id=CVE-2022-38390
17 Nov 2022 — Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. Varias versiones de IBM Business Automation Workflow son vulnerables a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario we... • https://exchange.xforce.ibmcloud.com/vulnerabilities/233978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2022-35279
https://notcve.org/view.php?id=CVE-2022-35279
03 Nov 2022 — "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537." "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3 y 22.0.1 podrían revelar información confidencial de la versión a usuarios autenticados qu... • https://www.ibm.com/support/pages/node/6829847 • CWE-312: Cleartext Storage of Sensitive Information •