Ibm

Cloud Pak For Business Automation

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2025-36023

  • EPSS 0.03%
  • Veröffentlicht 08.08.2025 14:51:12
  • Zuletzt bearbeitet 15.08.2025 18:19:48

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key.

6.5

CVE-2025-1838

Medienbericht
  • EPSS 0.08%
  • Veröffentlicht 03.05.2025 18:23:26
  • Zuletzt bearbeitet 14.08.2025 01:53:13

IBM Cloud Pak for Business Automation 24.0.0 and 24.0.1 through 24.0.1 IF001 Authoring allows an authenticated user to bypass client-side data validation in an authoring user interface which could cause a denial of service.

4.3

CVE-2025-1495

Medienbericht
  • EPSS 0.02%
  • Veröffentlicht 03.05.2025 16:53:00
  • Zuletzt bearbeitet 14.08.2025 01:52:35

IBM Business Automation Workflow 24.0.0 and 24.0.1 through 24.0.1 IF001 Center may leak sensitive information due to missing authorization validation.

6.1

CVE-2024-41753

  • EPSS 0.06%
  • Veröffentlicht 03.05.2025 16:15:19
  • Zuletzt bearbeitet 14.08.2025 01:51:25

IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus alter...

5.4

CVE-2024-52365

  • EPSS 0.05%
  • Veröffentlicht 05.02.2025 12:15:28
  • Zuletzt bearbeitet 12.08.2025 16:28:43

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to ...

5.4

CVE-2024-52364

  • EPSS 0.1%
  • Veröffentlicht 05.02.2025 12:15:28
  • Zuletzt bearbeitet 12.08.2025 16:30:44

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed a...

6.5

CVE-2024-49348

  • EPSS 0.06%
  • Veröffentlicht 05.02.2025 12:15:28
  • Zuletzt bearbeitet 12.08.2025 16:36:42

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of ty...

5.4

CVE-2024-37528

  • EPSS 0.19%
  • Veröffentlicht 08.07.2024 03:15:02
  • Zuletzt bearbeitet 21.11.2024 09:24:00

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged use...

4.3

CVE-2024-31897

  • EPSS 0.07%
  • Veröffentlicht 08.07.2024 03:15:02
  • Zuletzt bearbeitet 21.11.2024 09:14:06

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated...

6.5

CVE-2023-50959

  • EPSS 0.05%
  • Veröffentlicht 31.03.2024 12:15:50
  • Zuletzt bearbeitet 21.11.2024 08:37:36

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterpri...