First published: Thu Oct 21 2021(Updated: )
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204833.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Automation Workflow | =18.0.0.0 | |
IBM Business Automation Workflow | =19.0.0.0 | |
IBM Business Automation Workflow | =20.0.0.0 | |
IBM Business Automation Workflow | =21.0.0.0 | |
<=V21.0V20.0V19.0V18.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-29835 is a vulnerability in IBM Business Automation Workflow and IBM Business Process Manager that allows users to embed arbitrary JavaScript code in the Web UI, potentially leading to credentials disclosure.
CVE-2021-29835 has a severity rating of 6.1 (medium).
If you are using IBM Business Automation Workflow versions 18.0, 19.0, 20.0, or 21.0, you may be affected by CVE-2021-29835.
To fix CVE-2021-29835, it is recommended to upgrade to a patched version of IBM Business Automation Workflow or apply the necessary fixes provided by IBM.
You can find more information about CVE-2021-29835 on the IBM X-Force Exchange website and the IBM support pages.