Ibm

Cloud Pak For Business Automation

23 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.5

CVE-2024-49348

  • EPSS 0.09%
  • Veröffentlicht 05.02.2025 12:15:28
  • Zuletzt bearbeitet 12.08.2025 16:36:42

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of ty...

5.4

CVE-2024-37528

  • EPSS 0.21%
  • Veröffentlicht 08.07.2024 03:15:02
  • Zuletzt bearbeitet 21.11.2024 09:24:00

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged use...

4.3

CVE-2024-31897

  • EPSS 0.12%
  • Veröffentlicht 08.07.2024 03:15:02
  • Zuletzt bearbeitet 21.11.2024 09:14:06

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated...

6.5

CVE-2023-50959

  • EPSS 0.05%
  • Veröffentlicht 31.03.2024 12:15:50
  • Zuletzt bearbeitet 21.11.2024 08:37:36

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2,19.0.1, 19.0.2, 19.0.3,20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1,2 2.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterpri...

9.8

CVE-2023-35899

  • EPSS 0.09%
  • Veröffentlicht 21.03.2024 02:47:58
  • Zuletzt bearbeitet 05.03.2025 18:24:35

IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the syst...

6.5

CVE-2023-38367

  • EPSS 0.06%
  • Veröffentlicht 29.02.2024 02:15:09
  • Zuletzt bearbeitet 27.03.2025 15:15:46

IBM Cloud Pak Foundational Services Identity Provider (idP) API (IBM Cloud Pak for Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2) allows CRUD Operations with an invalid t...

5.4

CVE-2023-50947

  • EPSS 0.11%
  • Veröffentlicht 04.02.2024 01:15:25
  • Zuletzt bearbeitet 21.11.2024 08:37:35

IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to creden...

4.9

CVE-2023-40691

  • EPSS 0.05%
  • Veröffentlicht 18.12.2023 21:15:08
  • Zuletzt bearbeitet 21.11.2024 08:19:58

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administ...

7.6

CVE-2023-35024

  • EPSS 0.06%
  • Veröffentlicht 14.10.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:07:50

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScr...

6.1

CVE-2023-32339

  • EPSS 0.15%
  • Veröffentlicht 27.06.2023 17:15:09
  • Zuletzt bearbeitet 21.11.2024 08:03:08

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a t...