Summary
| Detail | |||
|---|---|---|---|
| Vendor | Ibm | First view | 2022-05-31 |
| Product | Business Automation Workflow | Last view | 2024-02-04 |
| Version | 21.0.2 | Type | Application |
| Update | if006 | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:ibm:business_automation_workflow | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 5.4 | 2024-02-04 | CVE-2023-50947 | IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665. |
| 5.4 | 2023-05-06 | CVE-2023-24957 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115. |
| 7.5 | 2023-01-26 | CVE-2022-43864 | IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427. |
| 8.8 | 2023-01-04 | CVE-2022-42435 | IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054. |
| 6.1 | 2022-12-07 | CVE-2022-41735 | IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687. |
| 5.4 | 2022-11-17 | CVE-2022-38390 | Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. |
| 6.5 | 2022-05-31 | CVE-2022-22361 | IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 57% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 28% (2) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 14% (1) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
