CVE-2023-32339

Опубликовано: 27 июн. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587.

Ссылки

https://https://www.ibm.com/support/pages/node/6998727
Patch
Vendor Advisory
https://https://www.ibm.com/support/pages/node/7001291
Patch
Vendor Advisory
https://www.ibm.com/support/pages/node/6998727
Patch
Vendor Advisory
https://https://www.ibm.com/support/pages/node/6998727
Patch
Vendor Advisory
https://https://www.ibm.com/support/pages/node/7001291
Patch
Vendor Advisory
https://www.ibm.com/support/pages/node/6998727
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_001:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_002:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_003:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_004:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_005:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_006:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_007:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_001:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_0012:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_002:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_003:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_004:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_005:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_006:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_007:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_008:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_009:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_010:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_011:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:interim_fix_012:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_001:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_002:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_003:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_004:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_005:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_006:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_007:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_008:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_009:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_010:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_011:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_012:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_013:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_014:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_015:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_016:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_017:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_018:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_019:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_020:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_001:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_002:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_003:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_004:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_005:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_006:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_001:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_002:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_003:*:*:*:*:*:*

cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_004:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00145

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-v37p-3q57-4gv2