CVE-2024-54179
published 2025-03-03CVE-2024-54179: IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
IBM Business Automation Workflow and IBM Business Automation Workflow Enterprise Service Bus 24.0.0, 24.0.1 and earlier unsupported versions are vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | business_automation_workflow | <= 24.0.1 | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow | — | — |
| ibm | business_automation_workflow_enterprise_service_bus | — | — |