CVE-2023-35024

Published Oct 14, 2023

Last updated a year ago

CVSS high 7.6

Overview

Description: IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 258349.
Source: psirt@us.ibm.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.6
Impact score: 4.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-79
psirt@us.ibm.com: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D419EF8-4D41-4FBE-A41B-9F9EAF7F72EE"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C27956AA-CCEE-4073-A8D7-D1B9575EE25C"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "12A70646-ADD3-4CF7-A591-8BE96FBEF5A9"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF6CB2C4-800F-487A-B0E5-8A0A9718549D"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D52711AA-0F11-47E7-8EE8-6B8D65403F8A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE2C6F84-C83F-4AE1-B0A7-740568F52C04"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC8A641D-B7AB-41FA-AFDB-2C8EBDA6A1A7"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "250AC4D5-1D25-4EEE-B1CA-AA8E104BBF7B"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C5B7FA4-A27C-40CA-AA53-183909D18C13"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AF7E2601-47E6-4111-9DE0-C3C01705884A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA799229-3577-409F-BFCC-0ABA541EA710"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8D6EB68-3804-494D-B12A-2E96E31D1B1A"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F22E2017-86A6-4CD1-8192-7A5DF0A1D818"
          },
          {
            "criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "517C5EDE-5104-4E22-B9C6-64DFBA7650C3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References