Ibm

Cloud Pak For Business Automation

19 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-36023

  • EPSS 0.03%
  • Published 08.08.2025 14:51:12
  • Last modified 15.08.2025 18:19:48

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.

6.5

CVE-2025-1838

Media report
  • EPSS 0.08%
  • Published 03.05.2025 18:23:26
  • Last modified 14.08.2025 01:53:13

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.

4.3

CVE-2025-1495

Media report
  • EPSS 0.02%
  • Published 03.05.2025 16:53:00
  • Last modified 14.08.2025 01:52:35

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.

6.1

CVE-2024-41753

  • EPSS 0.06%
  • Published 03.05.2025 16:15:19
  • Last modified 14.08.2025 01:51:25

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus alter...

5.4

CVE-2024-52365

  • EPSS 0.05%
  • Published 05.02.2025 12:15:28
  • Last modified 12.08.2025 16:28:43

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to ...

5.4

CVE-2024-52364

  • EPSS 0.1%
  • Published 05.02.2025 12:15:28
  • Last modified 12.08.2025 16:30:44

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed a...

6.5

CVE-2024-49348

  • EPSS 0.06%
  • Published 05.02.2025 12:15:28
  • Last modified 12.08.2025 16:36:42

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of ty...

5.4

CVE-2024-37528

  • EPSS 0.19%
  • Published 08.07.2024 03:15:02
  • Last modified 21.11.2024 09:24:00

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged use...

4.3

CVE-2024-31897

  • EPSS 0.07%
  • Published 08.07.2024 03:15:02
  • Last modified 21.11.2024 09:14:06

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated...

6.5

CVE-2023-50959

  • EPSS 0.05%
  • Published 31.03.2024 12:15:50
  • Last modified 21.11.2024 08:37:36

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterpri...