CVE-2024-41753
published 2025-05-03CVE-2024-41753: IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF004 and 24.0.1 through 24.0.1 IF001 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | cloud_pak_for_business_automation | — | — |
| ibm | cloud_pak_for_business_automation | — | — |
| ibm | cloud_pak_for_business_automation | 24.0.0 – 24.0.0 IF004 | — |
| ibm | cloud_pak_for_business_automation | 24.0.1 – 24.0.1 IF001 | — |