cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49348,https://securityvulnerability.io/vulnerability/CVE-2024-49348,Access Control Vulnerability in IBM Cloud Pak for Business Automation,"An access control vulnerability in IBM Cloud Pak for Business Automation allows improperly restricted access to organizational data. Specifically, the reassignment of comment tasks through an API inadvertently enables access to user queries in contexts that should be limited, posing a risk for unauthorized data visibility.",IBM,Cloud Pak For Business Automation,4.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-05T11:30:05.572Z,0
CVE-2024-52365,https://securityvulnerability.io/vulnerability/CVE-2024-52365,Stored Cross-Site Scripting in IBM Cloud Pak for Business Automation,"The IBM Cloud Pak for Business Automation contains a vulnerability that allows authenticated users to execute arbitrary JavaScript code through stored cross-site scripting. This weakness can be exploited via the web interface, enabling attackers to manipulate the application's functionality and potentially expose sensitive information, including user credentials during trusted sessions.",IBM,Cloud Pak For Business Automation,6.4,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-05T11:28:32.866Z,0
CVE-2024-52364,https://securityvulnerability.io/vulnerability/CVE-2024-52364,Cross-Site Scripting Vulnerability in IBM Cloud Pak for Business Automation,"IBM Cloud Pak for Business Automation versions 18.0.0 through 22.0.2 are susceptible to a cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code into the Web UI. This injection can compromise the functionality of the application and potentially lead to the unauthorized disclosure of user credentials within a trusted session, posing significant security risks.",IBM,Cloud Pak For Business Automation,5.4,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-05T11:22:17.219Z,0
CVE-2024-51457,https://securityvulnerability.io/vulnerability/CVE-2024-51457,Cross-Site Scripting Vulnerability in IBM Robotic Process Automation,"IBM Robotic Process Automation for Cloud Pak versions 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 is vulnerable to cross-site scripting. This security flaw allows authenticated users to embed malicious JavaScript code in the web UI, which can manipulate intended functionality and potentially lead to the disclosure of sensitive credentials during trusted sessions. Organizations using affected versions should prioritize patching to mitigate the risks associated with this vulnerability.",IBM,Robotic Process Automation For Cloud Pak,4.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-22T16:36:54.641Z,0
CVE-2024-49824,https://securityvulnerability.io/vulnerability/CVE-2024-49824,Improper Validation Vulnerability in IBM Robotic Process Automation,"The vulnerability in IBM Robotic Process Automation affects several versions, allowing an authenticated user to execute unauthorized actions as a privileged user. This is due to a failure in proper validation of client-side security enforcement measures, which could potentially enable malicious actors to bypass intended access controls. It is crucial for users of affected versions to implement necessary security patches and advisories provided by IBM to safeguard against this vulnerability.",IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-18T15:11:58.522Z,0
CVE-2024-37528,https://securityvulnerability.io/vulnerability/CVE-2024-37528,IBM Cloud Pak for Business Automation Vulnerable to Cross-Site Scripting,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293.",IBM,Cloud Pak For Business Automation,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-08T02:21:50.815Z,0
CVE-2024-31897,https://securityvulnerability.io/vulnerability/CVE-2024-31897,IBM Cloud Pak for Business Automation Vulnerable to Server-Side Request Forgery,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.",IBM,Cloud Pak For Business Automation,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-08T02:01:23.947Z,0
CVE-2023-50959,https://securityvulnerability.io/vulnerability/CVE-2023-50959,IBM Cloud Pak for Business Automation information disclosure,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938.",IBM,Cloud Pak For Business Automation,5.3,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-03-31T12:15:00.000Z,0
CVE-2023-35899,https://securityvulnerability.io/vulnerability/CVE-2023-35899,IBM Cloud Pak for Automation Vulnerable to CSV Injection,"The vulnerability in IBM Cloud Pak for Automation stems from a lack of proper validation of CSV file contents. This oversight enables a remote attacker to inject malicious commands that could be executed on the system. Several versions of the software are affected, making it crucial for users to implement appropriate safeguards to mitigate risks associated with CSV data handling.",IBM,Cloud Pak For Automation,7,HIGH,0.0004299999854993075,false,,true,false,false,,,false,false,,2024-03-21T02:47:00.000Z,0
CVE-2023-38367,https://securityvulnerability.io/vulnerability/CVE-2023-38367,Invalid Token Allows Unauthorized Access to IdP Configuration,"The IBM Cloud Pak Foundational Services Identity Provider API is susceptible to unauthorized access due to insufficient token validation. Attackers can exploit this vulnerability to perform Create, Read, Update, and Delete (CRUD) operations on IdP configurations using an invalid token. This flaw poses serious risks, including unauthorized viewing and manipulation of sensitive user identity data, which may compromise the security of the affected systems.",IBM,Cloud Pak For Automation,6.5,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-02-29T02:13:16.103Z,0
CVE-2023-40691,https://securityvulnerability.io/vulnerability/CVE-2023-40691,IBM Cloud Pak for Business Automation information disclosure,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805.",IBM,Cloud Pak for Business Automation,4.9,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-12-18T21:15:00.000Z,0
CVE-2023-45189,https://securityvulnerability.io/vulnerability/CVE-2023-45189,IBM Robotic Process Automation information disclosure,"A vulnerability in IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.10, 23.0.0 through 23.0.10 may result in access to client vault credentials. This difficult to exploit vulnerability could allow a low privileged attacker to programmatically access client vault credentials. IBM X-Force ID: 268752.",IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",6.5,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-11-03T23:15:00.000Z,0
CVE-2023-35024,https://securityvulnerability.io/vulnerability/CVE-2023-35024,IBM Cloud Pak for Business Automation cross-site scripting,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.",IBM,Cloud Pak For Business Automation,4.6,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-10-14T16:15:00.000Z,0
CVE-2023-38718,https://securityvulnerability.io/vulnerability/CVE-2023-38718,IBM Robotic Process Automation information disclosure,"IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606.",IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",3.7,LOW,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-09-20T20:15:00.000Z,0
CVE-2023-23476,https://securityvulnerability.io/vulnerability/CVE-2023-23476,IBM Robotic Process Automation information disclosure,IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425.,IBM,"Robotic Process Automation,Robotic Process Automation For Cloud Pak",3.1,LOW,0.000539999979082495,false,,false,false,false,,,false,false,,2023-08-02T15:15:00.000Z,0
CVE-2023-23468,https://securityvulnerability.io/vulnerability/CVE-2023-23468,IBM Robotic Process Automation for Cloud Pak access control,IBM Robotic Process Automation for Cloud Pak 21.0.1 through 21.0.7.3 and 23.0.0 through 23.0.3 is vulnerable to insufficient security configuration which may allow creation of namespaces within a cluster. IBM X-Force ID: 244500.,IBM,Robotic Process Automation For Cloud Pak,5.1,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-06-27T19:15:00.000Z,0
CVE-2023-22593,https://securityvulnerability.io/vulnerability/CVE-2023-22593,IBM Robotic Process Automation for Cloud Pak security configuration,"IBM Robotic Process Automation for Cloud Pak versions 21.0.1 to 21.0.7.3 and 23.0.0 to 23.0.3 are prone to a security misconfiguration in the Redis container. This flaw may allow attackers to achieve elevated privileges, potentially compromising system integrity and exposing sensitive data. Organizations utilizing affected versions should review their configurations to safeguard against unauthorized access.",IBM,Robotic Process Automation For Cloud Pak,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-06-27T19:15:00.000Z,0
CVE-2023-22860,https://securityvulnerability.io/vulnerability/CVE-2023-22860,IBM Cloud Pak for Business Automation cross-site scripting,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.",IBM,Cloud Pak for Business Automation,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-02-27T15:15:00.000Z,0
CVE-2023-23469,https://securityvulnerability.io/vulnerability/CVE-2023-23469,IBM Cloud Pak for Business Automation information disclosure,"IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504.",IBM,Cloud Pak for Business Automation,3.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-01T19:15:00.000Z,0
CVE-2023-22592,https://securityvulnerability.io/vulnerability/CVE-2023-22592,IBM Robotic Process Automation for Cloud Pak insufficient permission settings,"A vulnerability in IBM Robotic Process Automation for Cloud Pak versions 21.0.1 through 21.0.4 may allow local users to perform unauthorized actions. This is due to insufficient permission settings that do not adequately restrict user capabilities, potentially leading to security breaches. Organizations using these versions should review their permission configurations to mitigate this risk.",IBM,Robotic Process Automation for Cloud Pak,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-01-18T19:15:00.000Z,0
CVE-2023-22594,https://securityvulnerability.io/vulnerability/CVE-2023-22594,IBM Robotic Process Automation for Cloud Pak cross-site scripting,IBM Robotic Process Automation for Cloud Pak 20.12.0 through 21.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244075.,IBM,Robotic Process Automation for Cloud Pak,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-01-18T19:15:00.000Z,0
CVE-2022-43844,https://securityvulnerability.io/vulnerability/CVE-2022-43844,IBM Robotic Process Automation for Cloud Pak session fixation,"IBM Robotic Process Automation for Cloud Pak versions 20.12 through 21.0.3 are susceptible to a broken access control vulnerability. This flaw prevents the proper redirection of users to the platform logout screen upon logging out, potentially exposing sensitive information. Users may remain authenticated longer than intended, thereby increasing the risk of unauthorized access to the system. It is essential for organizations using these versions to implement the necessary updates and security measures to mitigate any associated risks.",IBM,Robotic Process Automation For Cloud Pak,8.8,HIGH,0.0008099999977275729,false,,false,false,false,,,false,false,,2023-01-05T17:19:27.774Z,0
CVE-2022-43901,https://securityvulnerability.io/vulnerability/CVE-2022-43901,IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps information disclosure,"IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.",IBM,Websphere Automation For Cloud Pak For Watson Aiops,5.7,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-12-01T18:09:20.923Z,0
CVE-2022-43900,https://securityvulnerability.io/vulnerability/CVE-2022-43900,IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps security bypass,"IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide a weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.",IBM,Websphere Automation For IBM Cloud Pak For Watson Aiops,5.3,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2022-12-01T18:00:27.526Z,0
CVE-2022-42442,https://securityvulnerability.io/vulnerability/CVE-2022-42442,IBM Robotic Process Automation for Cloud Pak information disclosure,"IBM Robotic Process Automation for Cloud Pak 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to exposure of the first tenant owner e-mail address to users with access to the container platform. IBM X-Force ID: 238214.",IBM,Robotic Process Automation For Cloud Pak,3.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-11-03T00:00:00.000Z,0