CVE-2021-29775

Summary

IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029.

Affected Software

VendorProductVersion RangeStatus
IBMBusiness Automation Workflow18.0.0.0affected
IBMBusiness Automation Workflow18.0.0.1affected
IBMBusiness Automation Workflow18.0.0.2affected
IBMBusiness Automation Workflow19.0.0.1affected
IBMBusiness Automation Workflow19.0.0.2affected
IBMBusiness Automation Workflow19.0.0.3affected
IBMBusiness Automation Workflow20.0.0.1affected
IBMBusiness Automation Workflow20.0.0.2affected
IBMCloud Pak for Automation20.0.3.IF002affected
IBMCloud Pak for Automation21.0.1affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References