
CVE-2023-50959 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-50959
31 Mar 2024 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275938 • CWE-497: Exposure of Sensitive System Information to an Unauthorized Control Sphere

CVE-2023-50947 – IBM Business Automation Workflow cross-site scripting
https://notcve.org/view.php?id=CVE-2023-50947
04 Feb 2024 — IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275665 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-35024 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2023-35024
14 Oct 2023 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349. • https://exchange.xforce.ibmcloud.com/vulnerabilities/258349 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-32339 – IBM Business Automation Workflow cross-site scripting
https://notcve.org/view.php?id=CVE-2023-32339
27 Jun 2023 — IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587. • https://www.ibm.com/support/pages/node/6998727 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-22860 – IBM Cloud Pak for Business Automation cross-site scripting
https://notcve.org/view.php?id=CVE-2023-22860
27 Feb 2023 — IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2023-23469 – IBM Cloud Pak for Business Automation information disclosure
https://notcve.org/view.php?id=CVE-2023-23469
01 Feb 2023 — IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504. • https://exchange.xforce.ibmcloud.com/vulnerabilities/244504 • CWE-525: Use of Web Browser Cache Containing Sensitive Information

CVE-2022-35280
https://notcve.org/view.php?id=CVE-2022-35280
10 Aug 2022 — IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 230634. • https://exchange.xforce.ibmcloud.com/vulnerabilities/230634 • CWE-521: Weak Password Requirements

CVE-2021-29859
https://notcve.org/view.php?id=CVE-2021-29859
02 May 2022 — IBM ICP4A - User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and revocation upon another user logging out. IBM X-Force ID: 206081. • https://exchange.xforce.ibmcloud.com/vulnerabilities/206081

CVE-2021-29872
https://notcve.org/view.php?id=CVE-2021-29872
18 Jan 2022 — IBM Cloud Pak for Automation 21.0.1 and 21.0.2 - Business Automation Studio Component is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 206228. • https://exchange.xforce.ibmcloud.com/vulnerabilities/206228 • CWE-116: Improper Encoding or Escaping of Output

CVE-2021-38966
https://notcve.org/view.php?id=CVE-2021-38966
21 Dec 2021 — IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357. • https://exchange.xforce.ibmcloud.com/vulnerabilities/212357 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')