CVE-2023-32339

Description

IBM Business Automation Workflow is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 255587.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected products

ibm / business_automation_workflow19.0.0.1 – 19.0.0.3
ibm / business_automation_workflow20.0.0.1 – 20.0.0.2
ibm / business_automation_workflow21.0.1 – 21.0.3.1
ibm / business_automation_workflow21.0.1 – 22.0.2

References

MISChttps://https://www.ibm.com/support/pages/node/7001291
MISChttps://https://www.ibm.com/support/pages/node/6998727
MISChttps://www.ibm.com/support/pages/node/6998727