CVE-2021-38893

Summary

IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512.

Affected Software

VendorProductVersion RangeStatus
IBMCloud Pak for Automation21.0.2affected
IBMBusiness Process Manager Standard8.5.5affected
IBMBusiness Process Manager Standard8.5.7.CF201706affected
IBMBusiness Process Manager Standard8.5.7.CF201703affected
IBMBusiness Process Manager Standard8.5.7.CF201612affected
IBMBusiness Process Manager Standard8.5.7.CF201609affected
IBMBusiness Process Manager Standard8.5.7.CF201606affected
IBMBusiness Process Manager Standard8.5.7affected
IBMBusiness Process Manager Standard8.5.6.2affected
IBMBusiness Process Manager Standard8.5.6.1affected
IBMBusiness Process Manager Standard8.5.6affected
IBMBusiness Process Manager Standard8.6affected
IBMBusiness Process Manager Standard8.5.0.2affected
IBMBusiness Process Manager Standard8.5.0.1affected
IBMBusiness Process Manager Standard8.5affected

Weaknesses

  • Cross-Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References