CVE-2021-38893

🗓️ 21 Dec 2021 19:10:14Reported by ibmType

IBM Business Process Manager and IBM Business Automation Workflow vulnerable to stored XSS, leading to potential credentials disclosure

Reporter	Title	Published	Views	Family All 12
IBM Security Bulletins	Security Bulletin: Multiple security vulnerability are addressed in monthly security fix for IBM Cloud Pak for Business Automation February 2022	10 Mar 202221:42	–	ibm
IBM Security Bulletins	Security Bulletin: Cross-site scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-38893	5 Apr 202221:21	–	ibm
IBM Security Bulletins	Security Bulletin: Cross-Site Scripting vulnerability affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2021-38893	10 Mar 202221:29	–	ibm
IBM Security Bulletins	Security Bulletin: Cross-Site Scripting vulnerability affect IBM Cloud Pak for Automation Workflow Process Service (CVE-2021-38893 CVE-2021-38966)	10 Mar 202222:22	–	ibm
Circl	CVE-2021-38893	21 Dec 202122:13	–	circl
CNNVD	IBM Business Automation Workflow 跨站脚本漏洞	17 Dec 202100:00	–	cnnvd
CNVD	IBM Business Automation Workflow Cross-Site Scripting Vulnerability (CNVD-2022-15537)	21 Dec 202100:00	–	cnvd
Cvelist	CVE-2021-38893	21 Dec 202119:10	–	cvelist
EUVD	EUVD-2021-25330	7 Oct 202500:30	–	euvd
NVD	CVE-2021-38893	21 Dec 202119:15	–	nvd

NVD

Vulners

Node

ibm business_automation_workflowMatch18.0.0.0

ibm business_automation_workflowMatch19.0.0.0

ibm business_automation_workflowMatch20.0.0.0

ibm business_automation_workflowMatch21.0.0.0-

ibm business_process_managerMatch8.5.0.0

ibm business_process_managerMatch8.5.5.0standard

ibm business_process_managerMatch8.5.7.0cf201612standard

ibm business_process_managerMatch8.5.7.0cf201703standard

ibm business_process_managerMatch8.5.7.0cf201706standard

ibm business_process_managerMatch8.6.0.0--

ibm workflow_process_serviceMatch21.0.2

[
  {
    "product": "Cloud Pak for Automation",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "21.0.2"
      }
    ]
  },
  {
    "product": "Business Process Manager Standard",
    "vendor": "IBM",
    "versions": [
      {
        "status": "affected",
        "version": "8.5.5"
      },
      {
        "status": "affected",
        "version": "8.5.7.CF201706"
      },
      {
        "status": "affected",
        "version": "8.5.7.CF201703"
      },
      {
        "status": "affected",
        "version": "8.5.7.CF201612"
      },
      {
        "status": "affected",
        "version": "8.5.7.CF201609"
      },
      {
        "status": "affected",
        "version": "8.5.7.CF201606"
      },
      {
        "status": "affected",
        "version": "8.5.7"
      },
      {
        "status": "affected",
        "version": "8.5.6.2"
      },
      {
        "status": "affected",
        "version": "8.5.6.1"
      },
      {
        "status": "affected",
        "version": "8.5.6"
      },
      {
        "status": "affected",
        "version": "8.6"
      },
      {
        "status": "affected",
        "version": "8.5.0.2"
      },
      {
        "status": "affected",
        "version": "8.5.0.1"
      },
      {
        "status": "affected",
        "version": "8.5"
      }
    ]
  }
]

Source	Link
ibm	www.ibm.com/support/pages/node/6527782
ibm	www.ibm.com/support/pages/node/6526488
exchange	www.exchange.xforce.ibmcloud.com/vulnerabilities/209512

21 Nov 2024 06:18Current

5.2Medium risk

Vulners AI Score5.2

CVSS 23.5

CVSS 3.15.4

CVSS 36.4

EPSS0.00216

CWE-79