CVE-2024-54179

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 77.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Business Automation Workflow IBM Business Automation Workflow Enterprise Service BUS

Timeline

PublishedMar 3

Description

IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶CVEListV5ibm/business_automation_workflow_enterprise_service_bus24.0.0, 24.0.1

▶NVDibm/business_automation_workflow24.0.1+2

▶CVEListV5ibm/business_automation_workflow24.0.0, 24.0.1+1

🔴Vulnerability Details

CVEList

IBM Business Automation Workflow cross-site scripting↗2025-03-03

▶

GHSA

GHSA-349h-vrrw-f3cp: IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24↗2025-03-03

▶