First published: Tue Dec 06 2022
IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 65687.
Credit: psirt@us.ibm.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Business Automation Workflow | >=19.0.0.1<=19.0.0.3 | |
IBM Business Automation Workflow | >=21.0.1<=21.0.3.1 | |
IBM Business Automation Workflow | =20.0.0.1 | |
IBM Business Automation Workflow | =20.0.0.2 | |
IBM Business Automation Workflow | =21.0.2 | |
IBM Business Automation Workflow | =21.0.3 | |
IBM Business Automation Workflow | =21.0.3-if002 | |
IBM Business Automation Workflow | =21.0.3-if005 | |
IBM Business Automation Workflow | =21.0.3-if006 | |
IBM Business Automation Workflow | =21.0.3-if007 | |
IBM Business Automation Workflow | =21.0.3-if008 | |
IBM Business Automation Workflow | =21.0.3-if009 | |
IBM Business Automation Workflow | =21.0.3-if010 | |
IBM Business Automation Workflow | =21.0.3-if011 | |
IBM Business Automation Workflow | =21.0.3-if012 | |
IBM Business Automation Workflow | =21.0.3-if013 | |
IBM Business Automation Workflow | =21.0.3-if014 | |
IBM Business Automation Workflow | =22.0.1 | |
IBM Business Automation Workflow | =22.0.1-if001 | |
IBM Business Automation Workflow | =22.0.1-if002 | |
IBM Business Automation Workflow | =22.0.1-if003 | |
IBM Business Automation Workflow | =22.0.1-if004 | |
The vulnerability ID for this vulnerability is CVE-2022-41735.
The severity of CVE-2022-41735 is medium.
IBM Business Process Manager versions 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2, and 19.0.0.1 through 19.0.0.3 are affected by CVE-2022-41735.
CVE-2022-41735 allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credential theft or other malicious activities.
You can find more information about CVE-2022-41735 at the following links: [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/vulnerabilities/237809), [IBM Support](https://www.ibm.com/support/pages/node/6845496).