Vulnerability Details CVE-2021-29775
IBM Business Automation Workflow 19.0.03 and 20.0 and IBM Cloud Pak for Automation 20.0.3-IF002 and 21.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 203029.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.6%
CVSS Severity
CVSS v3 Score 6.4
CVSS v2 Score 4.3
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/203029
- https://www.ibm.com/support/pages/node/6465127
- https://www.ibm.com/support/pages/node/6467057
- https://exchange.xforce.ibmcloud.com/vulnerabilities/203029
- https://www.ibm.com/support/pages/node/6465127
- https://www.ibm.com/support/pages/node/6467057
Products affected by CVE-2021-29775
-
cpe:2.3:a:ibm:business_automation_workflow:19.0.0.3
-
cpe:2.3:a:ibm:business_automation_workflow:20.0.0.0
-
cpe:2.3:a:ibm:cloud_pak_for_automation:20.0.3-if002
-
cpe:2.3:a:ibm:cloud_pak_for_automation:21.0.1