History: Aug 30, 2021 - 8:31 p.m.

Security Bulletin: Multiple security vulnerabilities with IBM Content Navigator component in IBM Business Automation Workflow - CVE-2021-20448, CVE-2021-20549, CVE-2021-20550, CVE-2021-29714

2021-08-30 20:31:59
www.ibm.com
EPSS: 0.001 (Low), Percentile: 34.4%

Summary

The embedded IBM Content Navigator component that is shipped with IBM Business Automation Workflow is affected by multiple vulnerabilities.

Vulnerability Details

CVEID: CVE-2021-20550
**DESCRIPTION:** IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199168.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199168 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2021-29714
**DESCRIPTION:** IBM Content Navigator 3.0.CD could allow a malicious user to cause a denial of service due to improper input validation. IBM X-Force ID: 200968.
CVSS Base score: 6.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/200968 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)

CVEID: CVE-2021-20549
**DESCRIPTION:** IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199167.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/199167 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

CVEID: CVE-2021-20448
**DESCRIPTION:** IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196624.
CVSS Base score: 5.4
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/196624 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Affected Products and Versions

| Affected Product(s) | Version(s) |
| --- | --- |
| IBM Business Automation Workflow | v19.0.0.x |
| IBM Business Automation Workflow | v20.0.0.x |

Remediation/Fixes

The recommended solution is to apply the Interim Fix (iFix) or Cumulative Fix (CF) containing APAR JR63612 as soon as practical:

For Business Automation Workflow v19.0.0.x
· Upgrade to minimal cumulative fix levels as required by iFix and then apply iFix JR63133
--OR--
· Apply cumulative fix Business Automation Workflow V21.0.2 or later

For Business Automation Workflow v20.0.0.x
· Upgrade to minimal cumulative fix levels as required by iFix and then apply iFix JR63612
--OR--
· Apply cumulative fix Business Automation Workflow V21.0.2 or later

Workarounds and Mitigations

None
