CVE-2021-29878

Summary

IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581.

Affected Software

VendorProductVersion RangeStatus
IBMBusiness Automation Workflow18.0.0.0affected
IBMBusiness Automation Workflow18.0.0.1affected
IBMBusiness Automation Workflow18.0.0.2affected
IBMBusiness Automation Workflow19.0.0.1affected
IBMBusiness Automation Workflow19.0.0.2affected
IBMBusiness Automation Workflow19.0.0.3affected
IBMBusiness Automation Workflow20.0.0.1affected
IBMBusiness Automation Workflow20.0.0.2affected
IBMBusiness Automation Workflow21.0.2affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References