3 matches found
CVE-2024-54181
IBM WebSphere Automation 1.7.5 is vulnerable to an OS Command Injection due to improper neutralization of inputs in the Swagger UI. A remote privileged user with Swagger UI access can execute arbitrary code on the system. IBM’s security bulletin confirms affected version 1.7.5 and recommends upgr...
CVE-2024-28775
IBM WebSphere Automation 1.7.0 is affected by a cross-site scripting (XSS) vulnerability that can allow embedding arbitrary JavaScript in the Web UI, potentially altering functionality and leading to credentials disclosure within a trusted session. The issue is documented in various feeds, with I...
CVE-2024-28764
IBM WebSphere Automation 1.7.0 is affected by a CSV injection vulnerability caused by improper validation of CSV file contents. An attacker with privileged network access could execute arbitrary commands on the system (impacting confidentiality, integrity, and availability). The issue stems from ...