Lucene search

K
ibmIBM840E070E87E722FD4E6368C54E1351D8CB923D5AF9C7578F5A267144A89AD358
HistoryApr 30, 2024 - 4:33 p.m.

Security Bulletin: IBM WebSphere Automation is vulnerable to cross-site scripting (CVE-2024-28775)

2024-04-3016:33:52
www.ibm.com
6
ibm websphere automation
xss vulnerability
cve-2024-28775
upgrade
version 1.7.1

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Summary

IBM WebSphere Automation is vulnerable to cross-site scripting.

Vulnerability Details

CVEID:CVE-2024-28775
**DESCRIPTION:**IBM WebSphere Automation is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Base score: 4.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/285648 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

Affected Product(s) Version(s)
IBM WebSphere Automation 1.7.0

Remediation/Fixes

IBM strongly recommends addressing the vulnerability now by upgrading to 1.7.1 or higher.

Follow https://www.ibm.com/docs/en/ws-automation?topic=installing-validating-installation to confirm the WebSphere Automation operator version.

Follow <https://www.ibm.com/docs/en/ws-automation?topic=installing-updating-websphere-automation&gt; to update the WebSphere Automation operator installation.

Workarounds and Mitigations

None

Affected configurations

Vulners
Node
ibmwebsphereMatch1.7.0
CPENameOperatorVersion
ibm websphere automationeq1.7.0

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for 840E070E87E722FD4E6368C54E1351D8CB923D5AF9C7578F5A267144A89AD358