cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-49348,https://securityvulnerability.io/vulnerability/CVE-2024-49348,Access Control Vulnerability in IBM Cloud Pak for Business Automation,"An access control vulnerability in IBM Cloud Pak for Business Automation allows improperly restricted access to organizational data. Specifically, the reassignment of comment tasks through an API inadvertently enables access to user queries in contexts that should be limited, posing a risk for unauthorized data visibility.",IBM,Cloud Pak For Business Automation,4.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-05T11:30:05.572Z,0
CVE-2024-52365,https://securityvulnerability.io/vulnerability/CVE-2024-52365,Stored Cross-Site Scripting in IBM Cloud Pak for Business Automation,"The IBM Cloud Pak for Business Automation contains a vulnerability that allows authenticated users to execute arbitrary JavaScript code through stored cross-site scripting. This weakness can be exploited via the web interface, enabling attackers to manipulate the application's functionality and potentially expose sensitive information, including user credentials during trusted sessions.",IBM,Cloud Pak For Business Automation,6.4,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-05T11:28:32.866Z,0
CVE-2024-52364,https://securityvulnerability.io/vulnerability/CVE-2024-52364,Cross-Site Scripting Vulnerability in IBM Cloud Pak for Business Automation,"IBM Cloud Pak for Business Automation versions 18.0.0 through 22.0.2 are susceptible to a cross-site scripting vulnerability that allows authenticated users to inject arbitrary JavaScript code into the Web UI. This injection can compromise the functionality of the application and potentially lead to the unauthorized disclosure of user credentials within a trusted session, posing significant security risks.",IBM,Cloud Pak For Business Automation,5.4,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-05T11:22:17.219Z,0
CVE-2024-37528,https://securityvulnerability.io/vulnerability/CVE-2024-37528,IBM Cloud Pak for Business Automation Vulnerable to Cross-Site Scripting,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293.",IBM,Cloud Pak For Business Automation,5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-08T02:21:50.815Z,0
CVE-2024-31897,https://securityvulnerability.io/vulnerability/CVE-2024-31897,IBM Cloud Pak for Business Automation Vulnerable to Server-Side Request Forgery,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178.",IBM,Cloud Pak For Business Automation,4.3,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-07-08T02:01:23.947Z,0
CVE-2023-50959,https://securityvulnerability.io/vulnerability/CVE-2023-50959,IBM Cloud Pak for Business Automation information disclosure,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 may allow end users to query more documents than expected from a connected Enterprise Content Management system when configured to use a system account. IBM X-Force ID: 275938.",IBM,Cloud Pak For Business Automation,5.3,MEDIUM,0.0006900000153109431,false,,false,false,false,,,false,false,,2024-03-31T12:15:00.000Z,0
CVE-2023-40691,https://securityvulnerability.io/vulnerability/CVE-2023-40691,IBM Cloud Pak for Business Automation information disclosure,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 may reveal sensitive information contained in application configuration to developer and administrator users. IBM X-Force ID: 264805.",IBM,Cloud Pak for Business Automation,4.9,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-12-18T21:15:00.000Z,0
CVE-2023-35024,https://securityvulnerability.io/vulnerability/CVE-2023-35024,IBM Cloud Pak for Business Automation cross-site scripting,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.",IBM,Cloud Pak For Business Automation,4.6,MEDIUM,0.0006200000061653554,false,,false,false,false,,,false,false,,2023-10-14T16:15:00.000Z,0
CVE-2023-22860,https://securityvulnerability.io/vulnerability/CVE-2023-22860,IBM Cloud Pak for Business Automation cross-site scripting,"IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244100.",IBM,Cloud Pak for Business Automation,5.4,MEDIUM,0.0005000000237487257,false,,false,false,false,,,false,false,,2023-02-27T15:15:00.000Z,0
CVE-2023-23469,https://securityvulnerability.io/vulnerability/CVE-2023-23469,IBM Cloud Pak for Business Automation information disclosure,"IBM ICP4A - Automation Decision Services 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 244504.",IBM,Cloud Pak for Business Automation,3.3,LOW,0.0004400000034365803,false,,false,false,false,,,false,false,,2023-02-01T19:15:00.000Z,0
CVE-2021-29859,https://securityvulnerability.io/vulnerability/CVE-2021-29859,User Management Flaw in IBM Cloud Pak for Business Automation,A flaw in the User Management System of IBM Cloud Pak for Business Automation could enable individuals with physical access to execute unauthorized actions and potentially access sensitive information. This issue arises from inadequate validation and the inability to revoke another user's logged-in session properly. Organizations utilizing affected versions should assess their physical security measures and consider updates or patches provided by IBM.,IBM,Cloud Pak For Business Automation,3.5,LOW,0.0005300000193528831,false,,false,false,false,,,false,false,,2022-05-02T17:15:00.000Z,0
CVE-2021-38893,https://securityvulnerability.io/vulnerability/CVE-2021-38893,Stored Cross-Site Scripting in IBM Business Process Manager and Workflow,"IBM Business Process Manager versions 8.5 and 8.6, along with IBM Business Automation Workflow versions 18.0 to 21.0, are susceptible to a stored cross-site scripting vulnerability. This issue permits an attacker to insert arbitrary JavaScript code within the Web UI, which can modify the application's intended behavior. The consequence of this vulnerability could lead to unauthorized disclosure of user credentials during a trusted session, thereby compromising the security of sensitive data.",IBM,"Cloud Pak For Automation,Business Process Manager Standard",6.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-12-21T19:15:00.000Z,0
CVE-2021-38900,https://securityvulnerability.io/vulnerability/CVE-2021-38900,Improper Access Control in IBM Business Process Manager and Automation Workflow,"IBM Business Process Manager and IBM Business Automation Workflow are affected by an issue that allows privileged users to bypass access controls and potentially gain access to sensitive information. This vulnerability stems from inadequate enforcement of access permissions, which could expose critical data to unauthorized users. Organizations utilizing these products should review their security configurations and implement available patches to mitigate the risks associated with this vulnerability.",IBM,"Business Automation Workflow,Cloud Pak For Automation",4.9,MEDIUM,0.0007600000244565308,false,,false,false,false,,,false,false,,2021-12-21T19:15:00.000Z,0
CVE-2021-29751,https://securityvulnerability.io/vulnerability/CVE-2021-29751,,"IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 could allow an authenticated user to obtain sensitive information about another user under nondefault configurations. IBM X-Force ID: 201779.",IBM,"Business Process Manager,Business Automation Workflow,Cloud Pak For Automation",3.1,LOW,0.0005600000149570405,false,,false,false,false,,,false,false,,2021-06-28T16:15:00.000Z,0
CVE-2021-29775,https://securityvulnerability.io/vulnerability/CVE-2021-29775,,IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029.,IBM,"Business Automation Workflow,Cloud Pak For Automation",6.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-06-28T16:15:00.000Z,0