Ibm

Business Automation Workflow

52 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2022-43864

  • EPSS 0.92%
  • Veröffentlicht 26.01.2023 21:17:48
  • Zuletzt bearbeitet 21.11.2024 07:27:17

IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Fo...

8.8

CVE-2022-42435

  • EPSS 0.11%
  • Veröffentlicht 04.01.2023 00:15:10
  • Zuletzt bearbeitet 21.11.2024 07:24:57

IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthoriz...

6.1

CVE-2022-41735

  • EPSS 0.32%
  • Veröffentlicht 07.12.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 07:23:45

IBM Business Process Manager 21.0.1 through 21.0.3.1, 20.0.0.1 through 20.0.0.2 19.0.0.1 through 19.0.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intend...

5.4

CVE-2022-38390

  • EPSS 0.28%
  • Veröffentlicht 17.11.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 07:16:22

Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials di...

4.3

CVE-2022-35279

  • EPSS 0.12%
  • Veröffentlicht 03.11.2022 20:15:28
  • Zuletzt bearbeitet 02.05.2025 21:15:17

"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks ag...

6.5

CVE-2022-22361

  • EPSS 0.08%
  • Veröffentlicht 31.05.2022 16:15:07
  • Zuletzt bearbeitet 21.11.2024 06:46:42

IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 - V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business...

4.9

CVE-2021-39046

  • EPSS 0.15%
  • Veröffentlicht 18.03.2022 16:15:08
  • Zuletzt bearbeitet 21.11.2024 06:18:29

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.

6.5

CVE-2021-38900

  • EPSS 0.25%
  • Veröffentlicht 21.12.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:18:10

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 could allow a privileged user to obtain highly sensitive information due to improper access controls. IBM X-Force ID: 209607.

5.4

CVE-2021-38893

  • EPSS 0.22%
  • Veröffentlicht 21.12.2021 19:15:07
  • Zuletzt bearbeitet 21.11.2024 06:18:09

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the ...

5.4

CVE-2021-38883

  • EPSS 0.16%
  • Veröffentlicht 17.12.2021 17:15:13
  • Zuletzt bearbeitet 21.11.2024 06:18:08

IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intende...