CVE-2023-33858
First published: Fri Sep 01 2023(Updated: )
IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Cloud Pak for Business Automation | <=V23.0.1 - V23.0.1-IF001 | |
| IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF023 | |
| IBM Cloud Pak for Business Automation | <=V22.0.2 - V22.0.2-IF006 and later fixes V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixes V21.0.1 - V21.0.1-IF007 and later fixes V20.0.1 - V20.0.3 and later fixes V19.0.1 - V19.0.3 and later fixes V18.0.0 - V18.0.2 and later fixes |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-33858?
CVE-2023-33858 is considered a high severity vulnerability due to its potential for credential disclosure through cross-site scripting.
How do I fix CVE-2023-33858?
To fix CVE-2023-33858, upgrade to the latest patched version of IBM Cloud Pak for Business Automation as specified in the vendor's advisory.
Which versions of IBM Cloud Pak for Business Automation are affected by CVE-2023-33858?
CVE-2023-33858 affects IBM Cloud Pak for Business Automation versions up to V23.0.1-IF001, V21.0.3-IF023 and specified earlier versions.
What kind of attack does CVE-2023-33858 enable?
CVE-2023-33858 enables attackers to execute arbitrary JavaScript code in the Web UI, leading to potential credential theft.
Is user input affected by CVE-2023-33858?
Yes, CVE-2023-33858 allows users to inject malicious scripts through inputs, compromising user sessions in trusted environments.
- agent/severity
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/trending
- agent/tags
- agent/source
- vendor/ibm
- canonical/ibm cloud pak for business automation
- version/ibm cloud pak for business automation/v23.0.1 - v23.0.1-if001
- version/ibm cloud pak for business automation/v21.0.3 - v21.0.3-if023
- version/ibm cloud pak for business automation/v22.0.2 - v22.0.2-if006 and later fixes v22.0.1 - v22.0.1-if006 and later fixes v21.0.2 - v21.0.2-if012 and later fixes v21.0.1 - v21.0.1-if007 and later fixes v20.0.1 - v20.0.3 and later fixes v19.0.1 - v19.0.3 and later fixes v18.0.0 - v18.0.2 and later fixes