CVSS: 5.5EPSS: 0%CPEs: 70EXPL: 0CVE-2024-37528 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2024-37528
08 Jul 2024 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293. IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0... • https://exchange.xforce.ibmcloud.com/vulnerabilities/294293 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 70EXPL: 0CVE-2024-31897 – IBM Cloud Pak for Business Automation server-side request forgery
https://notcve.org/view.php?id=CVE-2024-31897
08 Jul 2024 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178. IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/288178 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-50959 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-50959
31 Mar 2024 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. IBM Cloud Pak para automatización empresarial 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1 y 23.... • https://exchange.xforce.ibmcloud.com/vulnerabilities/275938 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere •
CVSS: 5.5EPSS: 0%CPEs: 68EXPL: 0CVE-2023-50947 – IBM Business Automation Workflow cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50947
04 Feb 2024 — IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665. IBM Business Automation Workflow 22.0.2, 23.0.1 y 23.0.2 es vulnerable a Cross-Site Scripting. Esta vulnerabilidad permite a los usuarios incrustar código JavaScript arbitrario en la interfaz de ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/275665 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 54EXPL: 0CVE-2023-40691 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-40691
18 Dec 2023 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805. IBM Cloud Pak para automatización empresarial 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1 y 22.0.2 pueden revelar información confidencial contenida en la configuraci... • https://exchange.xforce.ibmcloud.com/vulnerabilities/264805 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 14EXPL: 0CVE-2023-35024 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2023-35024
14 Oct 2023 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349. IBM Cloud Pak para Automatización Empresarial 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/258349 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 61EXPL: 0CVE-2023-32339 – IBM Business Automation Workflow cross-site scripting
https://notcve.org/view.php?id=CVE-2023-32339
27 Jun 2023 — IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587. • https://https://www.ibm.com/support/pages/node/6998727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 55EXPL: 0CVE-2023-22860 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22860
27 Feb 2023 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 30EXPL: 0CVE-2023-23469 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-23469
01 Feb 2023 — IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244504 • CWE-525: Use of Web Browser Cache Containing Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 4EXPL: 0CVE-2022-35280
https://notcve.org/view.php?id=CVE-2022-35280
10 Aug 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. IBM Robotic Process Automation versiones 21.0.0, 21.0.1 y 21.0.2, no exige que usuarios tengan contraseñas seguras por defecto, lo que facilita que atacantes puedan comprometer las cuentas de usuarios. IBM X-Force ID: 230634 • https://exchange.xforce.ibmcloud.com/vulnerabilities/230634 • CWE-521: Weak Password Requirements •