What is the severity of CVE-2023-32339?

CVE-2023-32339 has a moderate severity rating due to its potential for credential disclosure through cross-site scripting.

How do I fix CVE-2023-32339?

Fix CVE-2023-32339 by applying the appropriate security patches provided by IBM for the affected versions of Cloud Pak for Business Automation.

Which versions of IBM Cloud Pak for Business Automation are affected by CVE-2023-32339?

Affected versions include IBM Cloud Pak for Business Automation from V18.0.0 to V22.0.2.

What impact does CVE-2023-32339 have on users?

CVE-2023-32339 allows unauthorized users to execute arbitrary JavaScript code, potentially altering the functionality of the web interface.

Is it safe to use IBM Cloud Pak for Business Automation without applying the fix for CVE-2023-32339?

Using IBM Cloud Pak for Business Automation without applying the fix for CVE-2023-32339 poses a risk of credential theft and should be addressed immediately.

Vulnerability/
CVE-2023-32339

medium

6.1

CWE

27/6/2023

6/11/2024

CVE-2023-32339: IBM Business Automation Workflow cross-site scripting

First published: Tue Jun 27 2023(Updated: )

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM Cloud Pak for Business Automation	<=V22.0.2 - V22.0.2-IF004
IBM Cloud Pak for Business Automation	<=V21.0.3 - V21.0.3-IF020
IBM Cloud Pak for Business Automation	<=V22.0.1 - V22.0.1-IF006 and later fixesV21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes
IBM Cloud Pak for Business Automation	=18.0.0
IBM Cloud Pak for Business Automation	=18.0.2
IBM Cloud Pak for Business Automation	=19.0.1
IBM Cloud Pak for Business Automation	=19.0.3
IBM Cloud Pak for Business Automation	=20.0.1
IBM Cloud Pak for Business Automation	=20.0.3
IBM Cloud Pak for Business Automation	=21.0.1
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_001
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_002
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_003
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_004
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_005
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_006
IBM Cloud Pak for Business Automation	=21.0.1-interim_fix_007
IBM Cloud Pak for Business Automation	=21.0.2
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_001
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_0012
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_002
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_003
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_004
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_005
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_006
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_007
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_008
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_009
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_010
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_011
IBM Cloud Pak for Business Automation	=21.0.2-interim_fix_012
IBM Cloud Pak for Business Automation	=21.0.3
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_001
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_002
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_003
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_004
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_005
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_006
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_007
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_008
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_009
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_010
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_011
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_012
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_013
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_014
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_015
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_016
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_017
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_018
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_019
IBM Cloud Pak for Business Automation	=21.0.3-interim_fix_020
IBM Cloud Pak for Business Automation	=22.0.1
IBM Cloud Pak for Business Automation	=22.0.1-interim_fix_001
IBM Cloud Pak for Business Automation	=22.0.1-interim_fix_002
IBM Cloud Pak for Business Automation	=22.0.1-interim_fix_003
IBM Cloud Pak for Business Automation	=22.0.1-interim_fix_004
IBM Cloud Pak for Business Automation	=22.0.1-interim_fix_005
IBM Cloud Pak for Business Automation	=22.0.1-interim_fix_006
IBM Cloud Pak for Business Automation	=22.0.2
IBM Cloud Pak for Business Automation	=22.0.2-interim_fix_001
IBM Cloud Pak for Business Automation	=22.0.2-interim_fix_002
IBM Cloud Pak for Business Automation	=22.0.2-interim_fix_003
IBM Cloud Pak for Business Automation	=22.0.2-interim_fix_004

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-6998727

Frequently Asked Questions

What is the severity of CVE-2023-32339?
CVE-2023-32339 has a moderate severity rating due to its potential for credential disclosure through cross-site scripting.
How do I fix CVE-2023-32339?
Fix CVE-2023-32339 by applying the appropriate security patches provided by IBM for the affected versions of Cloud Pak for Business Automation.
Which versions of IBM Cloud Pak for Business Automation are affected by CVE-2023-32339?
Affected versions include IBM Cloud Pak for Business Automation from V18.0.0 to V22.0.2.
What impact does CVE-2023-32339 have on users?
CVE-2023-32339 allows unauthorized users to execute arbitrary JavaScript code, potentially altering the functionality of the web interface.
Is it safe to use IBM Cloud Pak for Business Automation without applying the fix for CVE-2023-32339?
Using IBM Cloud Pak for Business Automation without applying the fix for CVE-2023-32339 poses a risk of credential theft and should be addressed immediately.

agent/references
agent/type
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
agent/weakness
agent/author
agent/remedy
agent/description
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/severity
agent/first-publish-date
agent/event
collector/ibm-support
source/IBM
agent/software-canonical-lookup
agent/trending
agent/tags
agent/source
vendor/ibm
canonical/ibm cloud pak for business automation
version/ibm cloud pak for business automation/18.0.0
version/ibm cloud pak for business automation/18.0.2
version/ibm cloud pak for business automation/19.0.1
version/ibm cloud pak for business automation/19.0.3
version/ibm cloud pak for business automation/20.0.1
version/ibm cloud pak for business automation/20.0.3
version/ibm cloud pak for business automation/21.0.1
version/ibm cloud pak for business automation/21.0.1-interim_fix_001
version/ibm cloud pak for business automation/21.0.1-interim_fix_002
version/ibm cloud pak for business automation/21.0.1-interim_fix_003
version/ibm cloud pak for business automation/21.0.1-interim_fix_004
version/ibm cloud pak for business automation/21.0.1-interim_fix_005
version/ibm cloud pak for business automation/21.0.1-interim_fix_006
version/ibm cloud pak for business automation/21.0.1-interim_fix_007
version/ibm cloud pak for business automation/21.0.2
version/ibm cloud pak for business automation/21.0.2-interim_fix_001
version/ibm cloud pak for business automation/21.0.2-interim_fix_0012
version/ibm cloud pak for business automation/21.0.2-interim_fix_002
version/ibm cloud pak for business automation/21.0.2-interim_fix_003
version/ibm cloud pak for business automation/21.0.2-interim_fix_004
version/ibm cloud pak for business automation/21.0.2-interim_fix_005
version/ibm cloud pak for business automation/21.0.2-interim_fix_006
version/ibm cloud pak for business automation/21.0.2-interim_fix_007
version/ibm cloud pak for business automation/21.0.2-interim_fix_008
version/ibm cloud pak for business automation/21.0.2-interim_fix_009
version/ibm cloud pak for business automation/21.0.2-interim_fix_010
version/ibm cloud pak for business automation/21.0.2-interim_fix_011
version/ibm cloud pak for business automation/21.0.2-interim_fix_012
version/ibm cloud pak for business automation/21.0.3
version/ibm cloud pak for business automation/21.0.3-interim_fix_001
version/ibm cloud pak for business automation/21.0.3-interim_fix_002
version/ibm cloud pak for business automation/21.0.3-interim_fix_003
version/ibm cloud pak for business automation/21.0.3-interim_fix_004
version/ibm cloud pak for business automation/21.0.3-interim_fix_005
version/ibm cloud pak for business automation/21.0.3-interim_fix_006
version/ibm cloud pak for business automation/21.0.3-interim_fix_007
version/ibm cloud pak for business automation/21.0.3-interim_fix_008
version/ibm cloud pak for business automation/21.0.3-interim_fix_009
version/ibm cloud pak for business automation/21.0.3-interim_fix_010
version/ibm cloud pak for business automation/21.0.3-interim_fix_011
version/ibm cloud pak for business automation/21.0.3-interim_fix_012
version/ibm cloud pak for business automation/21.0.3-interim_fix_013
version/ibm cloud pak for business automation/21.0.3-interim_fix_014
version/ibm cloud pak for business automation/21.0.3-interim_fix_015
version/ibm cloud pak for business automation/21.0.3-interim_fix_016
version/ibm cloud pak for business automation/21.0.3-interim_fix_017
version/ibm cloud pak for business automation/21.0.3-interim_fix_018
version/ibm cloud pak for business automation/21.0.3-interim_fix_019
version/ibm cloud pak for business automation/21.0.3-interim_fix_020
version/ibm cloud pak for business automation/22.0.1
version/ibm cloud pak for business automation/22.0.1-interim_fix_001
version/ibm cloud pak for business automation/22.0.1-interim_fix_002
version/ibm cloud pak for business automation/22.0.1-interim_fix_003
version/ibm cloud pak for business automation/22.0.1-interim_fix_004
version/ibm cloud pak for business automation/22.0.1-interim_fix_005
version/ibm cloud pak for business automation/22.0.1-interim_fix_006
version/ibm cloud pak for business automation/22.0.2
version/ibm cloud pak for business automation/22.0.2-interim_fix_001
version/ibm cloud pak for business automation/22.0.2-interim_fix_002
version/ibm cloud pak for business automation/22.0.2-interim_fix_003
version/ibm cloud pak for business automation/22.0.2-interim_fix_004
version/ibm cloud pak for business automation/v22.0.2 - v22.0.2-if004
version/ibm cloud pak for business automation/v21.0.3 - v21.0.3-if020
version/ibm cloud pak for business automation/v22.0.1 - v22.0.1-if006 and later fixesv21.0.2 - v21.0.2-if012 and later fixesv21.0.1 - v21.0.1-if007 and later fixesv20.0.1 - v20.0.3 and later fixesv19.0.1 - v19.0.3 and later fixesv18.0.0 - v18.0.2 and later fixes

CVE-2023-32339: IBM Business Automation Workflow cross-site scripting

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2023-32339?

How do I fix CVE-2023-32339?

Which versions of IBM Cloud Pak for Business Automation are affected by CVE-2023-32339?

What impact does CVE-2023-32339 have on users?

Is it safe to use IBM Cloud Pak for Business Automation without applying the fix for CVE-2023-32339?

Company

Resources

Contact