Lucene search
HistoryFeb 04, 2024 - 1:15 a.m.
CVE-2023-50947
ibm
business automation workflow
cross-site scripting
vulnerability
javascript
web ui
credentials disclosure
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.4%
IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.
Affected configurations
Node
ibmbusiness_automation_workflowRange19.0.0.1–19.0.0.3traditional
ORibmbusiness_automation_workflowRange21.0.1–21.0.3.1traditional
ORibmbusiness_automation_workflowMatch20.0.0.1-
ORibmbusiness_automation_workflowMatch20.0.0.1traditional
ORibmbusiness_automation_workflowMatch20.0.0.2-
ORibmbusiness_automation_workflowMatch20.0.0.2traditional
ORibmbusiness_automation_workflowMatch21.0.2-
ORibmbusiness_automation_workflowMatch21.0.3-containers
ORibmbusiness_automation_workflowMatch21.0.3if002containers
ORibmbusiness_automation_workflowMatch21.0.3if005containers
ORibmbusiness_automation_workflowMatch21.0.3if006containers
ORibmbusiness_automation_workflowMatch21.0.3if007containers
ORibmbusiness_automation_workflowMatch21.0.3if008containers
ORibmbusiness_automation_workflowMatch21.0.3if009containers
ORibmbusiness_automation_workflowMatch21.0.3if010containers
ORibmbusiness_automation_workflowMatch21.0.3if011containers
ORibmbusiness_automation_workflowMatch21.0.3if012containers
ORibmbusiness_automation_workflowMatch21.0.3if013containers
ORibmbusiness_automation_workflowMatch21.0.3if014containers
ORibmbusiness_automation_workflowMatch21.0.3if015containers
ORibmbusiness_automation_workflowMatch21.0.3if016containers
ORibmbusiness_automation_workflowMatch21.0.3if017containers
ORibmbusiness_automation_workflowMatch21.0.3if028containers
ORibmbusiness_automation_workflowMatch22.0.1-
ORibmbusiness_automation_workflowMatch22.0.1traditional
ORibmbusiness_automation_workflowMatch22.0.2-
ORibmbusiness_automation_workflowMatch22.0.2enterprise_service_bus
ORibmbusiness_automation_workflowMatch22.0.2traditional
ORibmbusiness_automation_workflowMatch23.0.1-
ORibmbusiness_automation_workflowMatch23.0.1enterprise_service_bus
ORibmbusiness_automation_workflowMatch23.0.1traditional
ORibmbusiness_automation_workflowMatch23.0.2enterprise_service_bus
ORibmcloud_pak_for_business_automationRange18.0.0–18.0.2
ORibmcloud_pak_for_business_automationRange19.0.1–19.0.3
ORibmcloud_pak_for_business_automationRange20.0.1–20.0.3
ORibmcloud_pak_for_business_automationMatch21.0.1
ORibmcloud_pak_for_business_automationMatch21.0.3-
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_001
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_002
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_003
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_004
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_005
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_006
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_007
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_008
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_009
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_010
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_011
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_012
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_013
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_014
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_015
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_016
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_017
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_018
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_019
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_020
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_021
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_022
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_023
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_024
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_025
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_026
ORibmcloud_pak_for_business_automationMatch21.0.3interim_fix_028
ORibmcloud_pak_for_business_automationMatch22.0.1
ORibmcloud_pak_for_business_automationMatch22.0.2
ORibmcloud_pak_for_business_automationMatch23.0.1
ORibmcloud_pak_for_business_automationMatch23.0.2
Related
cve
cve
CVE-2023-50947
2024-02-04 01:15:25
ibm
ibm
prion
prion
Cross site scripting
2024-02-04 01:15:00
cvelist
cvelist
CVE-2023-50947 IBM Business Automation Workflow cross-site scripting
2024-02-04 00:11:02
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.4%
Related for NVD:CVE-2023-50947