EUVD-2023-27569
Malicious code in bioql PyPI...
CVE-2023-23469
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504...
Design/Logic Flaw
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504...
CVE-2023-23469 IBM Cloud Pak for Business Automation information disclosure
IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504...
CVE-2023-23469
CVE-2023-23469 affects IBM ICP4A - Automation Decision Services versions 18.0.0 through 22.0.2. The issue allows web pages to be stored locally and readable by another user on the same system, representing an information disclosure impact. The connected sources consistently describe this as a loc...
CVE-2021-29859
IBM ICP4A - User Management System Component IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007 could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information...
Input validation
IBM ICP4A - User Management System Component IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007 could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information...
CVE-2021-29859
IBM ICP4A - User Management System Component IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007 could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information...
CVE-2021-29859
CVE-2021-29859 affects IBM Cloud Pak for Business Automation, specifically IBM ICP4A - User Management System component in versions 21.0.3 (21.0.3-IF008), 21.0.2 (21.0.2-IF009), and 21.0.1 (21.0.1-IF007) and earlier. The issue arises from insufficient input/validation and logout handling, allowin...
Security Bulletin: Cross-Site Scripting vulnerability affect IBM Cloud Pak for Automation Workflow Process Service (CVE-2021-38893 CVE-2021-38966)
Summary Process Admin Console in IBM Cloud Pak for Automation Workflow is vulnerable to a Cross-Site Scripting attack. Vulnerability Details CVEID: CVE-2021-38966 DESCRIPTION: IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed...
Security Bulletin: Apache Log4j vulnerability affects IBM Cloud Pak for Automation (CVE-2021-44228)
Summary A remote code execution vulnerability has been reported for log4j-core-2.x libraries, which are used in various components of IBM Cloud Pak for Business Automation. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute arbitrary code...
Security Bulletin: vulnerability affect IBM Cloud Pak for Business Automation Workflow Process Service (CVE-2021-38900)
Summary IBM Cloud Pak for Business Automation Workflow Process Service could allow a privileged user to obtain highly sensitive information due to improper access controls. Vulnerability Details CVEID: CVE-2021-38900 DESCRIPTION: IBM Business Automation Workflow could allow a privileged user to...