cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-43188,https://securityvulnerability.io/vulnerability/CVE-2024-43188,Improper Client Side Validation in IBM Business Automation Workflow,"IBM Business Automation Workflow versions 22.0.2, 23.0.1, 23.0.2, and 24.0.0 are susceptible to an implementation flaw where improper client side validation can allow a privileged user to execute unauthorized actions within the application. This weakness may be exploited to access or modify sensitive information, compromising the integrity of the system. Users are advised to apply necessary updates and adhere to best security practices to mitigate potential risks.",IBM,Business Automation Workflow,4.9,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-09-18T12:15:00.000Z,0
CVE-2024-38321,https://securityvulnerability.io/vulnerability/CVE-2024-38321,Log File Vulnerability Could Leak Sensitive Information,"IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 stores potentially sensitive information in log files under certain situations that could be read by an authenticated user. IBM X-Force ID: 284868.",IBM,Business Automation Workflow,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,,false,false,,2024-08-03T14:15:00.000Z,0
CVE-2023-50947,https://securityvulnerability.io/vulnerability/CVE-2023-50947,IBM Business Automation Workflow Vulnerable to Cross-Site Scripting,"IBM Business Automation Workflow 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 275665.",IBM,Business Automation Workflow,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-02-04T01:15:00.000Z,0
CVE-2023-32339,https://securityvulnerability.io/vulnerability/CVE-2023-32339,IBM Business Automation Workflow cross-site scripting,IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587.,IBM,Business Automation Workflow,6.1,MEDIUM,0.000699999975040555,false,,false,false,false,,,false,false,,2023-06-27T17:15:00.000Z,0
CVE-2023-24957,https://securityvulnerability.io/vulnerability/CVE-2023-24957,IBM Business Automation Workflow cross-site scripting,"IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115.",IBM,Business Automation Workflow,5.4,MEDIUM,0.0005099999834783375,false,,false,false,false,,,false,false,,2023-05-06T03:15:00.000Z,0
CVE-2022-42435,https://securityvulnerability.io/vulnerability/CVE-2022-42435,IBM Business Automation Workflow cross-site request forgery,"IBM Business Automation Workflow 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, and 22.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 238054.",IBM,Business Automation Workflow,4.3,MEDIUM,0.0007300000288523734,false,,false,false,false,,,false,false,,2023-01-04T00:15:00.000Z,0
CVE-2022-38390,https://securityvulnerability.io/vulnerability/CVE-2022-38390,Cross-Site Scripting Vulnerability in IBM Business Automation Workflow,"Multiple versions of IBM Business Automation Workflow are affected by a cross-site scripting vulnerability. This issue enables users to inject arbitrary JavaScript code into the Web UI, which can manipulate the application's intended functionality. As a result, attackers may exploit this weakness to access sensitive information, including user credentials, within a trusted session. Organizations using these products should ensure they are updated to mitigate the risk associated with this vulnerability.",IBM,Business Automation Workflow,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-11-17T16:48:11.088Z,0
CVE-2022-35279,https://securityvulnerability.io/vulnerability/CVE-2022-35279,Information Disclosure in IBM Business Automation Workflow,"IBM Business Automation Workflow versions 18.0.0.0 to 22.0.1 are susceptible to an information disclosure vulnerability. This flaw allows authenticated users to access sensitive version information that might be exploited for further attacks on the system, posing a risk to the integrity and security of the application. It is crucial for users to address this vulnerability to ensure system protection and mitigate potential threats.",IBM,IBM Business Automation Workflow,4.3,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2022-11-03T00:00:00.000Z,0
CVE-2022-22361,https://securityvulnerability.io/vulnerability/CVE-2022-22361,Cross-Site Request Forgery in IBM Business Automation Workflow and Process Manager,"IBM Business Automation Workflow and Business Process Manager are susceptible to cross-site request forgery (CSRF), exposing users to the risk of attackers executing unauthorized commands on behalf of legitimate users. A successful exploit could lead to significant security breaches, allowing malicious interactions from trusted accounts without proper authorization.",IBM,"Business Process Manager,Business Automation Workflow",4.3,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2022-05-31T16:15:00.000Z,0
CVE-2021-39046,https://securityvulnerability.io/vulnerability/CVE-2021-39046,Data Exposure Flaw in IBM Business Automation Workflow and Business Process Manager,"IBM Business Automation Workflow and Business Process Manager exhibit a vulnerability where user credentials are stored in plaintext. This flaw allows privileged users to access sensitive information without encryption, creating significant risks to data confidentiality and system integrity. Organizations using these products should assess their security posture and implement enhancements to mitigate the risks associated with credential exposure.",IBM,"Business Automation Workflow,Business Process Manager",4.9,MEDIUM,0.0005600000149570405,false,,false,false,false,,,false,false,,2022-03-18T16:15:00.000Z,0
CVE-2021-38900,https://securityvulnerability.io/vulnerability/CVE-2021-38900,Improper Access Control in IBM Business Process Manager and Automation Workflow,"IBM Business Process Manager and IBM Business Automation Workflow are affected by an issue that allows privileged users to bypass access controls and potentially gain access to sensitive information. This vulnerability stems from inadequate enforcement of access permissions, which could expose critical data to unauthorized users. Organizations utilizing these products should review their security configurations and implement available patches to mitigate the risks associated with this vulnerability.",IBM,"Business Automation Workflow,Cloud Pak For Automation",4.9,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2021-12-21T19:15:00.000Z,0
CVE-2021-38883,https://securityvulnerability.io/vulnerability/CVE-2021-38883,Cross-Site Scripting Vulnerability in IBM Business Automation Workflow and Process Manager,"IBM Business Automation Workflow versions 18.0, 19.0, 20.0, and 21.0, along with IBM Business Process Manager versions 8.5 and 8.6, are subject to a cross-site scripting vulnerability. This flaw enables attackers to inject arbitrary JavaScript code into the web user interface, which could manipulate the application's functionality and lead to unintended actions, including the potential exposure of sensitive user credentials during a session deemed trustworthy. Organizations utilizing these software solutions should ensure immediate remediation measures are in place.",IBM,"Business Process Manager,Business Automation Workflow",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-12-17T17:15:00.000Z,0
CVE-2021-29753,https://securityvulnerability.io/vulnerability/CVE-2021-29753,Insecure Credential Transmission in IBM Business Automation Workflow and Process Manager,"A vulnerability exists in IBM Business Automation Workflow and IBM Business Process Manager, where authentication credentials are transmitted or stored using insecure methods. This flaw exposes sensitive information to unauthorized interception and retrieval, increasing the risk of credential theft and potential compromise of secure systems. It is crucial for organizations using these products to implement appropriate security measures to mitigate this vulnerability.",IBM,"Business Process Manager,Business Automation Workflow",5.9,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2021-11-05T18:15:00.000Z,0
CVE-2021-29835,https://securityvulnerability.io/vulnerability/CVE-2021-29835,Cross-Site Scripting Vulnerability in IBM Business Automation Workflow,"IBM Business Automation Workflow versions 18.0, 19.0, 20.0, and 21.0 are susceptible to a cross-site scripting vulnerability that enables attackers to embed arbitrary JavaScript code within the Web UI. This could compromise the integrity of the application, allowing malicious scripts to execute within trusted user sessions, potentially leading to the unauthorized disclosure of sensitive information such as user credentials.",IBM,Business Automation Workflow,5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,,false,false,,2021-10-22T19:15:00.000Z,0
CVE-2021-29878,https://securityvulnerability.io/vulnerability/CVE-2021-29878,Cross-Site Scripting Vulnerability in IBM Business Automation Workflow,"IBM Business Automation Workflow versions 18.0, 19.0, 20.0, and 21.0 are susceptible to cross-site scripting, allowing attackers to inject arbitrary JavaScript code into the web interface. This can compromise the intended functionality of the application and potentially lead to unauthorized access to user credentials within a trusted session. It is crucial for organizations to implement security measures to mitigate this vulnerability and ensure user safety.",IBM,Business Automation Workflow,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-10-18T17:15:00.000Z,0
CVE-2021-29834,https://securityvulnerability.io/vulnerability/CVE-2021-29834,Stored Cross-Site Scripting in IBM Business Automation Workflow and Process Manager,"IBM Business Automation Workflow and IBM Business Process Manager are subject to a stored cross-site scripting vulnerability that allows malicious actors to inject arbitrary JavaScript into the web user interface. This flaw enables the manipulation of the application’s functionality, which can lead to credential disclosure during a trusted user session. Users may unknowingly execute harmful scripts when interacting with the compromised web UI, posing significant risks to sensitive information.",IBM,"Business Automation Workflow,Business Process Manager",6.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-09-29T16:15:00.000Z,0
CVE-2021-29775,https://securityvulnerability.io/vulnerability/CVE-2021-29775,,IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029.,IBM,"Business Automation Workflow,Cloud Pak For Automation",6.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-06-28T16:15:00.000Z,0
CVE-2021-29751,https://securityvulnerability.io/vulnerability/CVE-2021-29751,,"IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.",IBM,"Business Process Manager,Business Automation Workflow,Cloud Pak For Automation",3.1,LOW,0.0005600000149570405,false,,false,false,false,,,false,false,,2021-06-28T16:15:00.000Z,0
CVE-2020-4768,https://securityvulnerability.io/vulnerability/CVE-2020-4768,,"IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188907.",IBM,"Business Automation Workflow,Case Manager",4.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2021-02-11T17:15:00.000Z,0
CVE-2020-4794,https://securityvulnerability.io/vulnerability/CVE-2020-4794,,"IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cause a denial of service due to improper authorization checking. IBM X-Force ID: 189445.",IBM,"Automation Workstream Services,Business Process Manager,Business Automation Workflow",5.4,MEDIUM,0.0005799999926239252,false,,false,false,false,,,false,false,,2020-12-21T18:15:00.000Z,0
CVE-2020-4900,https://securityvulnerability.io/vulnerability/CVE-2020-4900,,IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991.,IBM,Business Automation Workflow,5.1,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-11-30T16:15:00.000Z,0
CVE-2020-4672,https://securityvulnerability.io/vulnerability/CVE-2020-4672,,IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 186285.,IBM,Business Automation Workflow,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-11-16T17:15:00.000Z,0
CVE-2020-4531,https://securityvulnerability.io/vulnerability/CVE-2020-4531,,"IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.",IBM,"Business Automation Workflow,Business Process Manager",5.3,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2020-09-25T17:15:00.000Z,0
CVE-2020-4530,https://securityvulnerability.io/vulnerability/CVE-2020-4530,,"IBM Business Automation Workflow C.D.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182714.",IBM,"Business Process Manager,Business Automation Workflow",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-09-15T14:15:00.000Z,0
CVE-2020-4516,https://securityvulnerability.io/vulnerability/CVE-2020-4516,,"IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182371.",IBM,"Business Process Manager,Business Automation Workflow",5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2020-09-08T15:15:00.000Z,0