cbcvebase.
CVE-2023-22860
published 2023-02-27

CVE-2023-22860: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is…

medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.

Affected

12 ranges
VendorProductVersion rangeFixed in
ibmcloud_pak_for_business_automation
ibmcloud_pak_for_business_automation
ibmcloud_pak_for_business_automation
ibmcloud_pak_for_business_automation
ibmcloud_pak_for_business_automation
ibmcloud_pak_for_business_automation
ibmcloud_pak_for_business_automation
ibmcloud_pak_for_business_automation
ibmcloud_pak_for_business_automation
ibmcloud_pak_for_business_automation
ibmcloud_pak_for_business_automation
ibmcloud_pak_for_business_automation
CVE-2023-22860 — Cross-site Scripting in IBM | cvebase