Cross site scripting

2023-02-2715:15:00

PRIOn knowledge base

www.prio-n.com

ibm cloud pak

business automation

cross-site scripting

vulnerability

web ui

credentials disclosure

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.

CPENameOperatorVersion
cloud_pak_for_business_automationeq21.0.1 interimfix7
cloud_pak_for_business_automationeq21.0.1 interimfix4
cloud_pak_for_business_automationeq21.0.1
cloud_pak_for_business_automationeq21.0.1 interimfix2
cloud_pak_for_business_automationeq21.0.1 interimfix3
cloud_pak_for_business_automationeq21.0.1 interimfix6
cloud_pak_for_business_automationeq21.0.1 interimfix5
cloud_pak_for_business_automationeq21.0.1 interimfix1
cloud_pak_for_business_automationeq21.0.2 interimfix9
cloud_pak_for_business_automationeq21.0.2 interimfix7

Name	Operator	Version
cloud_pak_for_business_automation	eq	21.0.1 interimfix7
cloud_pak_for_business_automation	eq	21.0.1 interimfix4
cloud_pak_for_business_automation	eq	21.0.1
cloud_pak_for_business_automation	eq	21.0.1 interimfix2
cloud_pak_for_business_automation	eq	21.0.1 interimfix3
cloud_pak_for_business_automation	eq	21.0.1 interimfix6
cloud_pak_for_business_automation	eq	21.0.1 interimfix5
cloud_pak_for_business_automation	eq	21.0.1 interimfix1
cloud_pak_for_business_automation	eq	21.0.2 interimfix9
cloud_pak_for_business_automation	eq	21.0.2 interimfix7