Cloud Pak For Business Automation@* Security Vulnerabilities and Issues — Cloud Pak For Business Automation@* CVE List

Lucene search

IbmCloud Pak For Business Automation*

7 matches found

CVE•added 2024/03/21 2:47 a.m.•65 views

CVE-2023-35899

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file con...

9.8CVSS7.2AI score0.00065EPSS

CVE•added 2024/07/08 3:15 a.m.•54 views

CVE-2024-37528

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web U...

5.4CVSS4.9AI score0.00095EPSS

CVE•added 2024/07/08 3:15 a.m.•53 views

CVE-2024-31897

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the ...

4.3CVSS4.4AI score0.0007EPSS

CVE•added 2025/05/03 7:15 p.m.•47 views

CVE-2025-1838

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.

6.5CVSS6.3AI score0.00078EPSS

CVE•added 2025/05/03 4:15 p.m.•43 views

CVE-2024-41753

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leadin...

6.1CVSS6.5AI score0.0012EPSS

CVE•added 2023/02/01 7:15 p.m.•38 views

CVE-2023-23469

IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504.

4CVSS3.3AI score0.00028EPSS

CVE•added 2024/02/04 1:15 a.m.•37 views

CVE-2023-50947

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-...

5.4CVSS5.2AI score0.00107EPSS