CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2023-24957 – IBM Business Automation Workflow cross-site scripting
https://notcve.org/view.php?id=CVE-2023-24957
06 May 2023 — IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115. • https://exchange.xforce.ibmcloud.com/vulnerabilities/246115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 52EXPL: 0CVE-2022-42435 – IBM Business Automation Workflow cross-site request forgery
https://notcve.org/view.php?id=CVE-2022-42435
03 Jan 2023 — IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054. IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0. 3 y 22.0.1 es vulnerable a Cross Site Request Forger... • https://exchange.xforce.ibmcloud.com/vulnerabilities/238054 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-38390
https://notcve.org/view.php?id=CVE-2022-38390
17 Nov 2022 — Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. Varias versiones de IBM Business Automation Workflow son vulnerables a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de usuario we... • https://exchange.xforce.ibmcloud.com/vulnerabilities/233978 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 0CVE-2022-35279
https://notcve.org/view.php?id=CVE-2022-35279
03 Nov 2022 — "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537." "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3 y 22.0.1 podrían revelar información confidencial de la versión a usuarios autenticados qu... • https://www.ibm.com/support/pages/node/6829847 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-22361
https://notcve.org/view.php?id=CVE-2022-22361
31 May 2022 — IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM Business ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/220784 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.9EPSS: 0%CPEs: 11EXPL: 0CVE-2021-39046
https://notcve.org/view.php?id=CVE-2021-39046
18 Mar 2022 — IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346. IBM Business Automation Workflow versiones 18.0, 19.0, 20.0 y 21.0, e IBM Business Process Manager versiones 8.5 y 8.6, almacenan las credenciales de usuario en texto sin cifrar que puede leer un usuario privilegiado. IBM X-Force ID: 214346 • https://exchange.xforce.ibmcloud.com/vulnerabilities/214346 • CWE-522: Insufficiently Protected Credentials •
CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2021-38900
https://notcve.org/view.php?id=CVE-2021-38900
21 Dec 2021 — IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607. IBM Business Process Manager versiones 8.5 y 8.6, e IBM Business Automation Workflow versiones 18.0, 19.0, 20.0 y 21.0, podrían permitir a un usuario con privilegios conseguir información altamente confidencial debido a controles de acceso inapropiados. IBM X-Force ID: 209607 • https://exchange.xforce.ibmcloud.com/vulnerabilities/209607 •
CVSS: 6.4EPSS: 0%CPEs: 11EXPL: 0CVE-2021-38893
https://notcve.org/view.php?id=CVE-2021-38893
21 Dec 2021 — IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512. IBM Business Process Manager versiones 8.5 y 8.6 e IBM Business Automation Workflow versiones 18.0, 19.0, 20.0 y 21.0, son vulnerables a una at... • https://exchange.xforce.ibmcloud.com/vulnerabilities/209512 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 18EXPL: 0CVE-2021-38883
https://notcve.org/view.php?id=CVE-2021-38883
17 Dec 2021 — IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165. IBM Business Automation Workflow versiones 18.0, 19.0, 20,0 y 21.0 e IBM Business Process Manager versiones 8.5 y 8.6, son vulnerables a un ataque de ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/209165 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2021-29753
https://notcve.org/view.php?id=CVE-2021-29753
05 Nov 2021 — IBM Business Automation Workflow 18. 19, 20, 21, and IBM Business Process Manager 8.5 and d8.6 transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM Business Automation Workflow versiones 18. 19, 20, 21, e IBM Business Process Manager 8.5 y d8.6, transmite o almacena credenciales de autenticación, pero usa un método no seguro que es susceptible de ser interceptado y/o recuperado sin autorización • https://exchange.xforce.ibmcloud.com/vulnerabilities/201919 • CWE-319: Cleartext Transmission of Sensitive Information •