IBM Resilient v26.0, v26.1, and v26.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM Reference#: 213457065.
CVSS: 6.1
AI Score: 5.9
EPSS: 0.001
IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbitrary code on the system, caused by formula injection due to improper input validation.
CVSS: 8.8
AI Score: 8.9
EPSS: 0.004
IBM Resilient SOAR 40 and earlier could disclose sensitive information by allowing a user to enumerate usernames.
CVSS: 5.3
AI Score: 4.9
EPSS: 0.001
IBM Resilient OnPrem 38.2 could allow a privileged user to inject malicious commands through Python3 scripting. IBM X-Force ID: 185503.
CVSS: 7.2
AI Score: 6.6
EPSS: 0.001
IBM Resilient SOAR V38.0 could allow an attacker on the internal network to provide the server with a spoofed source IP address. IBM X-Force ID: 190567.
CVSS: 4.3
AI Score: 4.4
EPSS: 0.0005
IBM Resilient SOAR V38.0 could allow a privileged user to create malicious scripts that could be executed as another user. IBM X-Force ID: 198759.
CVSS: 7.2
AI Score: 6.6
EPSS: 0.001
IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. IBM X-Force ID: 203085.
CVSS: 4.7
AI Score: 4.5
EPSS: 0.001