First published: Fri Jun 25 2021(Updated: )
IBM Business Process Manager is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Automation Workflow | <=V20.0V19.0.0.3 | |
IBM Business Automation Workflow | =19.0.0.3 | |
IBM Business Automation Workflow | =20.0.0.0 | |
IBM Cloud Pak for Automation | =20.0.3-if002 | |
IBM Cloud Pak for Automation | =21.0.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this IBM Business Process Manager vulnerability is CVE-2021-29775.
The severity level of CVE-2021-29775 is medium with a CVSS score of 6.4.
IBM Business Automation Workflow version 19.0.03 and version 20.0 are affected by CVE-2021-29775.
IBM Cloud Pak for Automation version 20.0.3-IF002 and version 21.0.1 are affected by CVE-2021-29775.
This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to unauthorized access or manipulation of data.